889 matches found
PT-2016-6908 · Cisco · Cisco Firepower Management Center
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center version 6.0.1. Description: The issue allows local users to obtain sensitive information by leveraging CLI access due to hardcoded database credentials. Recommendations: For Cisco Firepower Management Center...
ovirt-engine: ovirt-engine-provisiondb logs contain DB username and password in plain text
It was found that the ovirt-engine-provisiondb utility did not correctly sanitize the authentication details used with the "--provisiondb" options from the output before storing them in log files. This could allow an attacker with read access to these log files to obtain sensitive information such...
Open Dental Hardcoded Credentials Security Bypass Vulnerability
Open Dental (formerly Free Dental) is a suite of open source dental practice management software from Open Dental USA. A security vulnerability exists in Open Dental that stems from the program containing hard-coded database credentials. A remote attacker with known credentials could exploit the...
MySQL 5.5.45 (64bit) Local Certificate Disclosure Vulnerability
Oracle MySQL is an open source relational database management system. A local certificate disclosure vulnerability exists in MySQL version 5.5.45. It allows an attacker to obtain the username and password provided for accessing the database...
Joomla Sensitive Core Files Information Disclosure
An information disclosure vulnerability exists in multiple Joomla Plugins and themes. Successful exploitation of this vulnerability could allow a remote attacker to download local files, and may lead to disclosure of database credentials...
WSO2 Carbon 4.4.5 Local File Inclusion
Credits: John Page aka HYP3RLINX. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-LOCAL-FILE-INCLUSION.txt. ISR: ApparitionSec. Vendor: www.wso2.com. Product: Ws02Carbon v4.4.5. WSO2 Carbon is the core...
CVE-2015-5969
The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise SLE 12.1 and openSUSE Leap 42.1...
Design/Logic Flaw
The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise SLE 12.1 and openSUSE Leap 42.1...
CVE-2015-5969
CVE-2015-5969 involves the mysql-systemd-helper script in the mysql-community-server and mariadb packages on openSUSE/openSUSE Leap/SLE. The issue allows local users to discover database credentials by listing a running process and its arguments. Affected packages/versions (from the Initial Descripti...
WordPress Sensitive System Files Information Disclosure
An information disclosure vulnerability exists in multiple WordPress Plugins and themes. Successful exploitation of this vulnerability could allow a remote attacker to download local files, and may lead to disclosure of database credentials...
Bitrix bitrix.xscan Module 1.0.3 - Directory Traversal
Bitrix bitrix.xscan Module 1.0.3 - Directory Traversal. Advisory ID: HTB23278. Product: bitrix.xscan Bitrix module. Vendor: Bitrix. Vulnerable Versions: 1.0.3 and probably prior. Tested Version: 1.0.3. Advisory Publication: November 18, 2015 without technical details. Vendor Notification: November 18,...
Path Traversal via CSRF in bitrix.xscan Bitrix Module
High-Tech Bridge Security Research Lab discovered a vulnerability in the bitrix.xscan Bitrix module, which is intended to discover and neutralize malware on the website. The vulnerability can be exploited to change the extension of arbitrary PHP files on the target system and gain access to potentially sensitive...
Xceedium Xsuite Hardcoded Credentials Vulnerability
Xceedium Xsuite is a unified identity management solution from Xceedium that provides access control, monitoring and logging capabilities for hybrid cloud environments. The solution supports access control policies based on roles or individual users. Xceedium Xsuite suffers from a hard-coded...
CVE-2014-4875
CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access...
thermostat: world-readable configuration file containing credentials
It was discovered that the Thermostat web application stored database authentication credentials in a world-readable configuration file. A local user on a system running the Thermostat web application could use this flaw to access and modify monitored JVM data, or perform actions on connected JVM...
SysAid Help Desk Database Credentials Disclosure
This module exploits a vulnerability in SysAid Help Desk that allows an unauthenticated user to download arbitrary files from the system. This is used to download the server configuration file that contains the database username and password, which is encrypted with a fixed, known key. This modul...
MantisBT 1.3.0-beta.1 Multiple Vulnerabilities