Vulmon
jdbc vulnerabilities and exploits
4
CVSSv2
CVE-2022-27216
Jenkins dbCharts Plugin 0.5.2 and previous versions stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Jenkins Dbcharts
6.5
CVSSv2
CVE-2022-22958
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI whi...
Vmware Cloud Foundation
Vmware Identity Manager 3.3.3
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Identity Manager 3.3.6
Vmware Vrealize Automation
Vmware Vrealize Automation 7.6
Vmware Vrealize Suite Lifecycle Manager
Vmware Workspace One Access 20.10.0.0
Vmware Workspace One Access 20.10.0.1
Vmware Workspace One Access 21.08.0.0
Vmware Workspace One Access 21.08.0.1
NA
CVE-2022-36364
Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution l...
Apache Apache Calcite Avatica
NA
CVE-2024-23833
OpenRefine is a free, open source power tool for working with messy data and improving it. A JDBC attack vulnerability exists in OpenRefine (version <= 3.7.7) where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver l...
4.6
CVSSv2
CVE-2005-4668
The embedded HSQLDB in ParosProxy prior to 3.2.7, when running with JDK 1.4.2 prior to 1.4.2_08, allows local users to execute arbitrary commands via crafted SQL commands that interact with HSQLDB through JDBC, a similar vulnerability to CVE-2003-0845.
Parosproxy Parosproxy 3.2.1
Parosproxy Parosproxy 3.2.2
Parosproxy Parosproxy 3.2.3
Parosproxy Parosproxy 3.2.4
Parosproxy Parosproxy 3.2.0
Parosproxy Parosproxy 3.2.5
Parosproxy Parosproxy 3.2.6
2.1
CVSSv2
CVE-2009-0503
IBM WebSphere Message Broker 6.1.x prior to 6.1.0.2 writes a database connection password to the Event Log and System Log during exception handling for a JDBC error, which allows local users to obtain sensitive information by reading these logs.
Ibm Websphere Message Broker 6.1
Ibm Websphere Message Broker
2.1
CVSSv2
CVE-2000-1247
The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
Apache Jserv 1.1.2
6.8
CVSSv2
CVE-2022-25205
A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and previous versions allows malicious users to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins insta...
Jenkins Dbcharts
4.3
CVSSv2
CVE-2020-2235
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and previous versions allows malicious users to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially cap...
Jenkins Pipeline Maven Integration
6.5
CVSSv2
CVE-2022-22957
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI whi...
Vmware Cloud Foundation
Vmware Identity Manager 3.3.3
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Identity Manager 3.3.6
Vmware Vrealize Automation
Vmware Vrealize Automation 7.6
Vmware Vrealize Suite Lifecycle Manager
Vmware Workspace One Access 20.10.0.0
Vmware Workspace One Access 20.10.0.1
Vmware Workspace One Access 21.08.0.0
Vmware Workspace One Access 21.08.0.1
1 Metasploit module