
84 matches found

SUSE CVE
added 2025/02/11 3:47 a.m. · 1 views

SUSE CVE-2025-24787

WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...

7.5 CVSS · 7.1 AI score · 0.00525 EPSS
Exploits 0 · References 3
CVE
added 2025/02/06 6:41 p.m. · 76 views

CVE-2025-24787

CVE-2025-24787 affects WhoDB, where unsafe construction of database connection URIs (string concatenation) can inject parameters into the URI. Attackers can leverage the go-sql-driver/mysql parameter allowAllFiles to trigger LOAD DATA LOCAL INFILE, enabling local-file disclosure on the host runni...

8.6 CVSS · 8.5 AI score · 0.00525 EPSS
Exploits 0 · References 2 · Affected Software 1
NVD
added 2024/11/01 4:15 p.m. · 21 views

CVE-2024-51399

Altai Technologies Ltd Altai IX500 Indoor 22 802.11ac Wave 2 AP After login, there are file reads in the background, and attackers can obtain sensitive information such as user credentials, system configuration, and database connection strings, which can lead to data breaches and identity theft...

5.7 CVSS · 0.00221 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/11/01 12:0 a.m. · 12 views

CVE-2024-51399

Altai Technologies Ltd Altai IX500 Indoor 22 802.11ac Wave 2 AP After login, there are file reads in the background, and attackers can obtain sensitive information such as user credentials, system configuration, and database connection strings, which can lead to data breaches and identity theft...

6.7 AI score · 0.00221 EPSS
Exploits 0 · References 1
CVE
added 2024/11/01 12:0 a.m. · 63 views

CVE-2024-51399

The CVE-2024-51399 entry concerns Altai IX500 Indoor 22 802.11ac Wave 2 AP. Reported behavior: after login, background file reads can disclose sensitive data (user credentials, system configuration, database connection strings). Documented impact: potential data breach/identity theft. Connected s...

5.7 CVSS · 6.5 AI score · 0.00221 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/11/01 12:0 a.m. · 4 views

PT-2024-34619 · Altai · Altai Ix500 Indoor 22 802.11Ac Wave 2 Ap

Name of the Vulnerable Software and Affected Versions: Altai IX500 Indoor 22 802.11ac Wave 2 AP affected versions not specified Description: The issue allows attackers to obtain sensitive information such as user credentials, system configuration, and database connection strings after login, due ...

5.7 CVSS · 6.6 AI score · 0.00221 EPSS
Exploits 0 · References 5
The Hacker News
added 2024/03/08 9:49 a.m. · 33 views

Secrets Sensei: Conquering Secrets Management Challenges

In the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management — the foundational pillar upon which your security infrastructure rests. We're all familiar with the routine: safeguarding those API keys, connection strings, and certificates is non-negotiable. Howeve...

7.1 AI score
Exploits 0
IBM Security Bulletins
added 2023/08/21 5:1 p.m. · 16 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to sensitive information disclosure in installation logs (CVE-2023-38733)

Summary IBM Robotic Process Automation server could allow an authenticated user to view sensitive information from installation logs. Authenticated users are able to view database connection strings in the IBM Robotic Process Automation installation logs. Vulnerability Details CVEID:CVE-2023-3873...

4.3 CVSS · 4.1 AI score · 0.00418 EPSS
Exploits 0 · Affected Software 1
Prion
added 2023/08/04 4:15 p.m. · 25 views

Design/Logic Flaw

Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core issue is that one of the...

7.5 CVSS · 9.6 AI score · 0.01124 EPSS
Exploits 0 · References 1 · Affected Software 1
Packet Storm
added 2023/06/27 12:0 a.m. · 266 views

MCL-Net 4.3.5.8788 Information Disclosure

Exploit Title: MCL-Net 4.3.5.8788 - Information Disclosure Date: 5/31/2023 Exploit Author: Victor A. Morales, GM Sectec Inc. Vendor Homepage: https://www.mcl-mobilityplatform.com/net.php Version: 4.3.5.8788 other versions may be affected Tested on: Microsoft Windows 10 Pro CVE: CVE-2023-34834...

7.1 AI score · 0.01964 EPSS
Exploits 4
Citrix
added 2023/06/01 12:0 a.m. · 17 views

Migrate Citrix Virtual Apps and Desktop databases to a new SQL server

Please follow these steps. 1. Close all instances of Citrix Studio. Any configuration changes, even through PowerShell, must be stopped while following the steps. You can power down DDCs to be extra cautious. Take a VM snapshot or a backup of all Delivery Controllers. 2. Take full backup of Site, Monito...

8 AI score
Exploits 0
NVD
added 2023/05/29 9:15 p.m. · 25 views

CVE-2023-32687

tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connection strings without the associated permission. This issue is patched in version 5.12.1. As a workaround,...

7.7 CVSS · 7.3 AI score · 0.00634 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/05/29 12:0 a.m. · 4 views

PT-2023-23962 · Unknown · Tgstation-Server

Name of the Vulnerable Software and Affected Versions: tgstation-server versions 4.7.0 through 5.12.1 Description: The issue allows instance users with the list chat bots permission to read chat bot connection strings without the required permission. This affects a significant number of devices,...

7.7 CVSS · 6.2 AI score · 0.00634 EPSS
Exploits 0 · References 5
OSV
added 2023/05/16 8:15 p.m. · 3 views

CVE-2023-29927

Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connectio...

4.3 CVSS · 5.8 AI score
Exploits 0 · References 1
NVD
added 2023/05/16 8:15 p.m. · 15 views

CVE-2023-29927

Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connectio...

4.3 CVSS · 5 AI score · 0.00402 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/05/16 12:0 a.m. · 8 views

CVE-2023-29927

Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connectio...

5 AI score · 0.00402 EPSS
Exploits 0 · References 1
CNNVD
added 2023/05/16 12:0 a.m. · 4 views

Sage Group Sage 300 Security Vulnerability

Sage Group Sage 300 is a well-established closed-source Enterprise Resource Planning ERP solution from Sage Group, UK, designed to facilitate ... A security vulnerability exists in Sage Group Sage 300. An attacker can exploit the vulnerability to recover used SQL connection strings and can create...

4.3 CVSS · 5.5 AI score · 0.00402 EPSS
Exploits 0 · References 3
Cvelist
added 2023/05/16 12:0 a.m. · 16 views

CVE-2023-29927

Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connectio...

5.4 AI score · 0.00402 EPSS
Exploits 0 · References 1
NVD
added 2023/04/28 1:15 p.m. · 12 views

CVE-2022-41400

Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings...

9.8 CVSS · 9.5 AI score · 0.00621 EPSS
Exploits 0 · References 1
Prion
added 2023/04/28 1:15 p.m. · 18 views

Hardcoded credentials

Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings...

7.5 CVSS · 9.4 AI score · 0.00621 EPSS
Exploits 0 · References 1 · Affected Software 1