106 matches found
CVE-2022-24688
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload and consequently Remote Code Execution via PDF upload with PHP content and a .php extension. The attacker must hijack or obtain privileged user access to the Parameters page in order...
How to Optimize Your Database Storage in MySQL
By Owais Sultan. SQL (Structured Query Language) is a unique programming language for storing, manipulating, and retrieving data from a database.… This is a post from HackRead.com. Read the original post: How to Optimize Your Database Storage in MySQL...
CVE-2021-45491
3CX System through 2022-03-17 stores cleartext passwords in a database...
[SECURITY] Fedora 34 Update: cyrus-imapd-3.2.8-2.fc34
The Cyrus IMAP (Internet Message Access Protocol) server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP server is a scalable enterprise groupware system designed for use from...
CVE-2021-46030
There is a Cross Site Scripting attack (XSS) vulnerability in JavaQuarkBBS = v2. By entering specific statements into the background tag management module, the attack statement will be stored in the database, and the next victim will be attacked when he accesses the tag module...
Vxscan
This is a Python-based comprehensive scanning tool called Vxscan. It is used for sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, SQL injection, and other functions. The too...
CVE-2021-33694
SAP Cloud Connector, version 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights to include malicious code that gets stored in the database and, when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting...
Simple Post <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin does not sanitize user input when an authenticated user Text value, then it does not escape these values when outputting to the browser leading to an Authenticated Stored XSS (Cross-Site Scripting) issue. 1. Install WordPress 5.7.2 2. Install and activate Simple Post 3. Navigate to...
Psyprax Encryption Problem Vulnerability
A security vulnerability exists in Psyprax before 3.2.2, which stems from passwords used to encrypt data being stored in a fuzzy format in a database...
Epikur Encryption Issues Vulnerabilities
Epikur is a healthcare mobile application from German company Epikur that provides users with psychotherapy, patient management, and other features. A security vulnerability exists in Epikur before 20.1.1 that stems from storing user passwords as MD5 hashes in the database...
The vulnerability of the database storage of the Cisco Firepower Management Center (FMC) software network management server allows a hacker to gain unauthorized access to protected information.
The vulnerability of the database storage of the Cisco Firepower Management Center (FMC) software network management server is related to the storage of passwords in an unencrypted form. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
CVE-2020-29550
An issue was discovered in URVE Build 24.03.2020. The password of an integration user account used for the connection of the MS Office 365 Integration Service is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext:...
CVE-2020-24680
In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database...
CVE-2020-26672
Testimonial Rotator WordPress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. If a user intercepts a request and inserts a payload in "cite" parameter, the payload will be stored in the database...
CVE-2020-15177
GLPI prior to 9.5.2 is vulnerable due to install/install.php storing user input into url_base/url_base_api, enabling XSS and insecure redirection without authentication; patch to 9.5.2 or later.
Information Disclosure
django-celery-results is vulnerable to information disclosure. The vulnerability exists as it stores the results of a celery task in the database in plaintext without any sanitization...
CVE-2020-17495
django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database...
CVE-2020-15105
Django Two-Factor Authentication before 1.12 stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor...
Apache SkyWalking SQL Injection Vulnerability
Apache SkyWalking is an application performance monitor from the Apache Software Foundation, primarily for environments such as microservices, cloud-native and container-based. An SQL injection vulnerability exists in the H2/MySQL/TiDB storage implementation in Apache SkyWalking versions 6.0.0...