15 matches found
EUVD-2018-0649
Malware in sbrugna...
EUVD-2018-0692
Malware in sbrugna...
OrientDB Studio web management interface is vulnerable to clickjacking attacks
The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
com.orientechnologies:orientdb-community (=2.1.0), com.orientechnologies:orientdb-distributed (=2.1.0) +4 more potentially affected by CVE-2015-2913 via com.orientechnologies:orientdb-server (=2.1.0)
com.orientechnologies:orientdb-server MAVEN version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.orientechnologies:orientdb-server and may be impacted: - com.orientechnologies:orientdb-community =2.1.0 -...
com.orientechnologies:orientdb (>=1.0 <=1.5.1), com.orientechnologies:orientdb-community (>=1.6.5 <=2.0.14) +17 more potentially affected by CVE-2015-2913 via com.orientechnologies:orientdb-server (>=1.0 <=2.0.14)
com.orientechnologies:orientdb-server MAVEN version =1.0, =1.0, =1.6.5, =1.1.0, =2.0, =1.1.0, =2.0, =1.7, =1.0, =0.1.17, =0.2.14 - org.ops4j.orient.samples:orient-sample1 =0.3.0 - org.ops4j.orient.samples:orient-sample2 =0.3.0 - org.ops4j.orient:orient-ra =0.3.0 - org.ops4j.orient:orient-ra-api...
GHSA-V6WR-FCH2-VM5W OrientDB Server Community Edition uses insufficiently random values to generate session IDs
OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values in the server/network/protocol/http/OHttpSessionManager.java, which makes it easier for remote attackers to predict a value by...
OrientDB-Server vulnerable to Cross-Site Request Forgery
The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP...
OrientDB Server < 2.0.15, 2.1.x < 2.1.1 'Studio component' Multiple Vulnerabilities
OrientDB server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:orientdb:orientdb";...
CVE-2015-2912
The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP...
Cross site request forgery (csrf)
The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP...
CVE-2015-2913
OrientDB Server Community Edition prior to 2.0.15 and 2.1.x prior to 2.1.1 is affected by CVE-2015-2913 due to using java.util.Random for Session ID generation in server/network/protocol/http/OHttpSessionManager.java, which can allow remote attackers to predict session IDs. The issue is documente...
CVE-2015-2913
server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote attackers to predict...
CVE-2015-2918
The CVE concerns the OrientDB Studio web management interface in the OrientDB Server Community Edition. Affected versions are before 2.0.15 and before 2.1.1 (2.1.x line). The root cause is that Studio does not properly restrict use of FRAME elements, allowing remote attackers to perform clickjack...
Orient Technologies Studio for OrientDB Server Community Edition Clickjacking Vulnerability
Orient Technologies Studio for OrientDB Server Community Edition is a community edition of OrientDB Server from Orient Technologies, UK. Orient Technologies Studio for OrientDB Server Community Edition fails to enforce the same-origin policy by default in the X-Frame-Options response header,...
Orient Technologies Studio for OrientDB Server Community Edition Random Number Generation Vulnerability
Orient Technologies Studio for OrientDB Server Community Edition is a community edition of OrientDB Server from Orient Technologies, UK. A problem with Orient Technologies Studio for OrientDB Server Community Edition random number generation allows remote attackers to exploit vulnerabilities to...