889 matches found
PT-2024-4032 · Unknown · Laborofficefree
Name of the Vulnerable Software and Affected Versions: LaborOfficeFree version 19.10 Description: The issue affects the executable files LOF service.exe and LaborOfficeFree.exe, allowing an attacker to read and extract the username and password from the database. This can lead to unauthorized...
CVE-2023-4538
The database access credentials configured during installation are stored in a special table, and are encrypted with a shared key, same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords. This issue affects ERP XL...
CVE-2024-22901
Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials...
PT-2024-16708 · Unknown · Jberet-Core
Name of the Vulnerable Software and Affected Versions: jberet-core affected versions not specified Description: A vulnerability was found in jberet-core logging. An exception in dbProperties might display user credentials such as the username and password for the database-connection...
jberet Security Vulnerabilities
jberet is an open source application that provides portable batch processing support in Jakarta EE environments. A security vulnerability exists in jberet that stems from an exception in dbProperties that may display user credentials, such as the username and password for a database connection...
CVE-2023-6266 Backup Migration <= 1.3.6 - Unauthenticated Arbitrary Backup Download to Sensitive Information Exposure
The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMIBACKUP case of the handledownloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to download...
PT-2024-4161 · NetGear · Netgear Prosafe Network Management System
Name of the Vulnerable Software and Affected Versions: NETGEAR ProSAFE Network Management System affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations. The flaw exists within the product installer due to the use of default...
CVE-2023-52286
Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database credentials via an index.php/api/install/get_db_info request, a related issue to CVE-2023-42387...
PT-2023-31957 · Tencent · Tdsqlpcloud
Name of the Vulnerable Software and Affected Versions: Tencent tdsqlpcloud versions 1.8.5 and earlier Description: The issue allows unauthenticated remote attackers to discover database credentials via an "index.php/api/install/get_db_info" request. This is a related issue to another previously...
CVE-2023-52286
CVE-2023-52286 affects Tencent tdsqlpcloud up to version 1.8.5, where an unauthenticated remote attacker can read database credentials via index.php/api/install/get_db_info. The issue is linked to CVE-2023-42387 (TDSQL Chitu). CVSS 3.1 base score 7.5 (CONF: HIGH) with Network access, no user inte...
VulnCheck KEV: CVE-2021-24227
The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials...
PT-2023-8171 · Oracle +1 · Mysql Server +1
Name of the Vulnerable Software and Affected Versions: Voltronic Power ViewPower Pro affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations. The flaw exists within the configuration of a MySQL instance, resulting from...
CVE-2023-5710
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-5710 System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_constants)
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level...
WordPress plugin System Dashboard security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...