330 matches found

NVD
added 2014/11/04 2:55 a.m., 10 views

CVE-2014-4311

Epicor Enterprise 7.4 before FS74SP6HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page...

CVSS 5, AI score 6.4, EPSS 0.08728
Exploits 6, References 3
Prion
added 2014/11/04 2:55 a.m., 13 views

Code injection

Epicor Enterprise 7.4 before FS74SP6HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page...

CVSS 5, AI score 7, EPSS 0.08728
Exploits 6, References 3, Affected Software 1
Cvelist
added 2014/11/04 2:0 a.m., 13 views

CVE-2014-4311

Epicor Enterprise 7.4 before FS74SP6HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page...

AI score 6.4, EPSS 0.08728
Exploits 6, References 3
0day.today
added 2014/10/02 12:0 a.m., 30 views

Epicor Enterprise 7.4 - Multiple Vulnerabilities

Epicor suffers from cross site scripting and password disclosure vulnerabilities. "Epicor Enterprise vulnerabilities" - Affected vendor: Epicor Software Corporation - Affected system: Epicor Enterprise - Version 7.4 - Vendor disclosure date: May 13th, 2014 - Public disclosure date: September 30th...

CVSS 5, EPSS 0.16038
Exploits 7
Drupal
added 2014/08/06 12:0 a.m., 647 views

SA-CORE-2014-004 - Drupal core - Denial of service

Drupal 6 and Drupal 7 include an XML-RPC endpoint which is publicly available (xmlrpc.php). The PHP XML parser used by this XML-RPC endpoint is vulnerable to an XML entity expansion attack and other related XML payload attacks which can cause CPU and memory exhaustion and the site's database to rea...

CVSS 6.8, AI score 6.5, EPSS 0.07017
Exploits 0, References 21
seebug.org
added 2014/07/01 12:0 a.m., 26 views

Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow PoC

No description provided by source. ?php / Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow PoC .oce by rgod found a local vector for this: http://retrogod.altervista.org/9sgoracledatadirect.htm http://www.exploit-db.com/exploits/18007/ This poc will create a...

AI score 7.1
Exploits 0
Atlassian
added 2014/05/02 3:20 p.m., 14 views

prevent crashing when running out of database connections

NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFSERVER-33522. One common total crash for Confluence is when it runs out of database connections. Any reliable web application...

AI score 7
Exploits 0, Affected Software 1
Atlassian
added 2014/05/02 3:20 p.m., 26 views

prevent crashing when running out of database connections

One common total crash for Confluence is when it runs out of database connections. Any reliable web application should be able to resist a peak in the number of requests and not fully crash when this happens. This is also a security issue because it means that anyone could easily bring the...

AI score 7
Exploits 0, Affected Software 1
NVD
added 2014/04/28 2:9 p.m., 10 views

CVE-2014-1217

Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors...

CVSS 7.5, AI score 6.6, EPSS 0.00585
Exploits 2, References 4
Prion
added 2014/04/28 2:9 p.m., 15 views

Design/Logic Flaw

Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors...

CVSS 7.5, AI score 7.2, EPSS 0.00585
Exploits 2, References 4, Affected Software 1
CVE
added 2014/04/28 2:0 p.m., 55 views

CVE-2014-1217

Livetecs Timelive prior to version 6.2.8 has an unauthenticated access flaw in systemsetting.aspx that enables remote attackers to alter configurations and disclose the database connection string and credentials. The vulnerability affects Timelive 6.2.71 and similar build variants; fixed in 6.2.8...

CVSS 7.5, AI score 6.8, EPSS 0.00585
Exploits 2, References 4, Affected Software 1
Cvelist
added 2014/04/28 2:0 p.m., 13 views

CVE-2014-1217

Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors...

AI score 6.6, EPSS 0.00585
Exploits 2, References 4
seebug.org
added 2013/12/16 12:0 a.m., 21 views

ShopXP admin/pinglun.asp SQL injection vulnerability

http://bbs.anquan.org/forum.php?mod=viewthread&tid=22021&page=1pid55222 The vulnerability is in the /admin/pinglun.asp file (user comments). First, we see that it includes the xp.asp file, whose purpose is to obtain the database connection object. Going back to the /admin/pinglun.asp file, pinglunid=request.QuerySt...

AI score 7.1
Exploits 0
myhack58
added 2013/10/24 12:0 a.m., 26 views

Shopex V4.8.4 | V4.8.5 download an arbitrary file vulnerability - vulnerability warning - the black bar safety net

The use of the premise is to program the application to the database server and if possible even outside, this is critical. Your engage in Station time to meet with the station, online can't find the version of the vulnerability, their own get back to the source to read a bit. Find a loophole, or...

AI score 1.1
Exploits 0
myhack58
added 2012/11/01 12:0 a.m., 21 views

Shop treasure self-help built Station system command execution - vulnerability warning - the black bar safety net

Brief description: struct command execution, root permissions, the database can be connected, the number of users large Detailed description: http://login.ctoshop.com/shopsystemF/checkLogin.action Vulnerability proof: The website physical path: /home/webserver/shopsystemF java.home:...

AI score 0.8
Exploits 0
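seebug.org
added 2012/10/10 12:0 a.m., 39 views

PostgreSQL JDBC driver interaction error SQL injection vulnerability

CVE ID: CVE-2012-1618 The PostgreSQL JDBC driver allows Java programs to connect to PostgreSQL databases. PostgreSQL JDBC versions before 8.2 have an interaction error when used with a PostgreSQL server that has the "standardconformingstrings" option enabled: certain JDBC statement parameters are not escaped correctly, which allows remote attackers to carry out SQL injection attacks. 0 PostgreSQL JDBC Driver 8.2 Vendor patch: PostgreSQL ---------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...

CVSS 7.5, AI score 6.4, EPSS 0.019
Exploits 1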
Packet Storm
added 2012/05/23 12:0 a.m., 35 views

RuubikCMS 1.1.0 Beta XSS / Disclosure / Directory Traversal

========================================================= Vulnerable software: RuubikCMS Version 1.1.0 Beta Official site: http://www.ruubikcms.com/ Downloaded from: http://www.ruubikcms.com/ruubikcms/download.php?f=ruubikcms111.zip ========================================================= Tested...

AI score 7.4
Exploits 0
myhack58
added 2012/03/19 12:0 a.m., 14 views

Oracle DataDirect ODBC drivers arsqls24.dll buffer overflow vulnerability - vulnerability warning - the black bar safety net

? php / Oracle DataDirect ODBC drivers arsqls24.dll buffer overflow vulnerability Overflow PoC . oce by rgod This poc will create a suntzu. the oce file which should work against Hyperion Interactive Reporting Studio which is delivered with the Oracle Hyperion Suite. When clicked a login box...

Exploits 0
Prion
added 2011/12/16 11:55 a.m., 8 views

Design/Logic Flaw

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a database connection string within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by client@2/domain@1/hosting/aspdotnet/...

CVSS 5, AI score 6.7, EPSS 0.0023
Exploits 0, References 2, Affected Software 1
Cvelist
added 2011/12/16 11:0 a.m., 16 views

CVE-2011-4741

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a database connection string within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by client@2/domain@1/hosting/aspdotnet/...

AI score 6.2, EPSS 0.0023
Exploits 0, References 2