CVSS: 9.8EPSS: 3%CPEs: 14EXPL: 1CVE-2016-4999 – Dashbuilder: SQL Injection on data set lookup filters
https://notcve.org/view.php?id=CVE-2016-4999
14 Jul 2016 — SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI. Vulnerabilidad de inyección SQL en el método getStringParameterSQL en main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java en Dashbuilder en versiones anteriores a 0.6.0.Beta1 p... • https://github.com/shanika04/dashbuilder • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 1CVE-2015-0250 – Schneider Electric EcoStruxure Data Center Expert XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-0250
23 Mar 2015 — XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. Vulnerabilidad de entidad externa XML (XXE) en los gráficos vectoriales redimensionables en las clases de conversión (1) PNG y (2) JPG en Apache Batik 1.x anterior a 1.8 permite a atacantes remotos leer ficheros arbitrarios o causar una denegación de servicio a través de un fichero de g... • http://advisories.mageia.org/MGASA-2015-0138.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0005 – PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application
https://notcve.org/view.php?id=CVE-2014-0005
17 Feb 2015 — PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application. PicketBox y JBossSX, utilizado en Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 y JBoss BRMS anterior a 6.0.3 roll up patch 2, permite a usuarios remotos autenticados leer y modificar la configuración y estado del servidor d... • http://rhn.redhat.com/errata/RHSA-2014-0343.html • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •