Information Disclosure

H2 Database Engine is vulnerable to information disclosure. The vulnerability is caused by the webAdminPassword argument, which allows an administrator to specify the password in plaintext. An attacker can get the password for the H2 web admin console by looking at the running processes...

GHSA-22WJ-VF5F-WRVJ Password exposure in H2 Database

The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

DEBIAN-CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

UBUNTU-CVE-2022-45868

DISPUTED The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access...

CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

CVE-2022-45868

CVE-2022-45868 affects H2 Database Engine prior to 2.2.220. The web-based admin console can be started from the CLI with the -webAdminPassword argument, allowing the password to be passed in cleartext and discovered by a local user or someone with local access by listing processes and their argum...

CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

FeehiCMS Cross-Site Scripting Vulnerability (CNVD-2022-78143)

FeehiCMS is a Php-based CMS website builder for individual developers. feehiCMS version v2.1.1 has a security vulnerability that originates from an id parameter on /web/admin/index.php?r=log/view-layer found to contain a reflective cross-site scripting XSS vulnerability. No detailed vulnerability...

GHSA-3PPM-FWHM-QQG6 FeehiCMS is vulnerable to Cross-Site Scripting (XSS)

FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting XSS vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer...

FeehiCMS is vulnerable to Cross-Site Scripting (XSS)

FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting XSS vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer...

Cross site scripting

FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting XSS vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer...

CVE-2022-43320

FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting XSS vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer...

Security Bulletin: IBM Tivoli Directory Server Cross-Site scripting vulnerability with the Web Admin Tool (CVE-2012-0740)

Abstract IBM Tivoli Directory Server is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Web Admin Tool. Content VULNERABILITY DETAILS: CVE ID: CVE-2012-0740 DESCRIPTION: IBM Tivoli Directory Server TDS is vulnerable to cross-site scripting, caused b...

Sophos Firewall 代码注入漏洞

Sophos Firewall is a firewall from Sophos UK. A code execution vulnerability exists in Sophos Firewall 19.0.1 and prior versions, which fails to properly filter special elements of constructed snippets in User Portal and Webadmin. An attacker can exploit the vulnerability to cause arbitrary code...

CVE-2022-27561

There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin LotusTraveler.nsf...

CVE-2022-27561

CVE-2022-27561 describes a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf). The connected sources confirm the affected component is LotusTraveler.nsf within HCL Traveler and identify the vulnerability as reflected XSS. No concrete exploitation detail...