99 matches found
CVE-2013-6231
SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script...
EUVD-2013-6062
Malware in sbrugna...
EUVD-2013-6063
Malware in sbrugna...
EUVD-2014-7167
Malware in sbrugna...
EUVD-2013-6061
Malware in sbrugna...
EUVD-2024-52671
Malicious code in bioql PyPI...
EUVD-2024-52672
Malicious code in bioql PyPI...
EUVD-2024-52673
Malicious code in bioql PyPI...
CVE-2024-54792
A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. An authenticated user can lead another user into executing unwanted actions inside the application they are logged in to, like adding, editing or deleting users...
CVE-2024-54795
SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create/edit forms of the worksheet designer function...
CVE-2024-54794
The script input feature of SpagoBI 3.5.1 allows arbitrary code execution...
CVE-2024-57971
DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI Name...
Knowage Security Vulnerability
Knowage is an open source suite for modern business analytics on legacy resources and big data systems from Knowage Italy. A security vulnerability exists in Knowage versions prior to 8.1.30, which stems from DataSourceResource.java in the SpagoBI API support not ensuring that java:comp/env/jdbc/...
CVE-2024-57971
Knowage before 8.1.30 is affected by CVE-2024-57971 due to DataSourceResource.java in the SpagoBI API support not ensuring that java:comp/env/jdbc/ occurs at the beginning of a JNDI name. This misconfiguration can expose a high-severity vulnerability with a CVSS v3.1 base score of 9.1 (Network, L...
SpagoBI 3.5.1 Command Injection Vulnerability
CVE-2024-54794 Severity: Critical 9.1 CVSS score: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Summary: Engineering Ingegneria Informatica SpagoBI version 3.5.1 is affected by a Command Injection vulnerability in the script input feature. PoC: In the PoC the attacker has to be logged into the...
SpagoBI 3.5.1 Cross Site Request Forgery Vulnerability
CVE-2024-54792 Severity: Medium 6.1 CVSS score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Summary: Engineering Ingegneria Informatica SpagoBI version 3.5.1 is affected by CSRF in the admin panel that manages user grants. PoC: The add/edit/delete user panel, accessible by the admin user, do n...
SpagoBI 3.5.1 Cross Site Request Forgery
SpagoBI versions 3.5.1 and below suffer from a cross-site request forgery vulnerability. CVE-2024-54792 Severity: Medium 6.1 CVSS score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Summary: Engineering Ingegneria Informatica SpagoBI version 3.5.1 is affected by CSRF in the admin panel that...