CVE-2024-51399
Altai Technologies Ltd Altai IX500 Indoor 22 802.11ac Wave 2 AP: after login, there are file reads in the background, and attackers can obtain sensitive information such as user credentials, system configuration, and database connection strings, which can lead to data breaches and identity theft...
PT-2024-34619 · Altai · Altai Ix500 Indoor 22 802.11Ac Wave 2 Ap
Name of the Vulnerable Software and Affected Versions: Altai IX500 Indoor 22 802.11ac Wave 2 AP (affected versions not specified). Description: The issue allows attackers to obtain sensitive information such as user credentials, system configuration, and database connection strings after login, due ...
CVE-2024-51399
The CVE-2024-51399 entry concerns Altai IX500 Indoor 22 802.11ac Wave 2 AP. Reported behavior: after login, background file reads can disclose sensitive data (user credentials, system configuration, database connection strings). Documented impact: potential data breach/identity theft. Connected s...
PT-2024-32391 · Dataease +1 · Dataease +1
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.25. Description: DataEase is an open source data visualization analysis tool. The PostgreSQL data source function allows customization of JDBC connection parameters and the PG server target. However, the...
H2O.ai H2O vulnerable to deserialization attacks via a JDBC Connection URL
H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connectionurl property with a...
PVS Configuration Wizard fails when connecting to the database
The customer has PVS servers running in Azure. In the "Database Server" dialogue of the PVS Configuration Wizard, specifying Authentication "Active Directory Password" and then proceeding with a domain username and password results in an error...
Error: "The system was not configured correctly" Appears when Provisioning Services Console Fails to Connect to Farm
The Provisioning Services Console fails to connect to the farm and displays one of the following error messages: “The system setup is not correct.” or "The system was not configured correctly" The Event logs register a series of Event 11 with StreamProcess as the source: “Cannot establish a...
Server-Side Request Forgery (SSRF)
vrana/adminer is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the improper handling of user-supplied input in database connection fields. This allows an unauthenticated remote attacker to enumerate or access systems they would not otherwise have access to...
Information Disclosure
silverstripe/framework is vulnerable to Information Disclosure. The vulnerability is due to sensitive database connection details potentially being exposed in stack traces when running in dev mode with the mysqli database driver...
CVE-2023-45195
Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4...
CVE-2023-45195 Adminer and AdminerEvo SSRF
Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4...
SQL Injection
Magento is vulnerable to SQL injection. The vulnerability is due to a user with store manipulation privileges being able to execute arbitrary SQL queries by accessing the database connection through a group instance in email templates...
Information Disclosure
github.com/zitadel/zitadel is vulnerable to Information Disclosure. The vulnerability is due to inadequate error handling, which can expose sensitive database connection information to users during a connection failure...
CVE-2024-32967
Zitadel is an open source identity management system. In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the user. This has been addressed in all supported release branches in a point release. There is no...
CVE-2024-1102
A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection...
CVE-2024-1102
CVE-2024-1102 affects Red Hat JBoss EAP 8.x via the jberet-core logging component. An exception in the dbProperties handling could disclose database credentials (username/password) in logs, impacting confidentiality. The CVE is referenced in Red Hat advisories RHSA-2024:3580/3581 and linked RHSA ...
CVE-2024-1102 Jberet: jberet-core logging database credentials
A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection...
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed vulnerabilities in SQL Server. The vulnerabilities are located in various ODBC and OLE DB drivers and allow a malicious party to execute arbitrary code with application privileges, potentially gaining access to sensitive data. Successful abuse requires the...