CVE-2019-10123

SQL Injection in Advanced InfoData Systems AIS ESEL-Server 67 which is the backend for the AIS logistics mobile app allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the 'sa' user...

Stack-Based Buffer Overflow

PostgreSQL is vulnerable to a stack-buffer overflow flaw. In PostgreSQL's pgcrypto module, An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL...

Arbitrary Code Execution

mysql is vulnerable to arbitrary code exeuction. It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary...

POSIM EVO for Windows Arbitrary Code Execution Vulnerability

POSIM EVO for Windows is a point-of-sale POS and inventory management system. The system includes features such as customer information management, email marketing and inventory management. An arbitrary code execution vulnerability exists in version 15.13 of POSIM EVO for Windows-based platforms,...

CVE-2018-15808

POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients...

Kcapifony gem for Ruby places database user passwords on the command line

lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the 1 mysqldump, 2 pgdump, 3 mysql, and 4 psql command lines, which allows local users to obtain sensitive information by listing the processes...

GHSA-6FCQ-3CM2-J3J5 Kcapifony gem for Ruby places database user passwords on the command line

lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the 1 mysqldump, 2 pgdump, 3 mysql, and 4 psql command lines, which allows local users to obtain sensitive information by listing the processes...

Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI Chained Remote Code Execution', 'Description' = %q This module exploits a few different vulnerabilities in Nagios XI 5.2.6-5.4.12 to ga...

CVE-2018-8901

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects...

Security Bulletin: IBM Cognos TM1 is affected by the following vulnerability: CVE-2014-0863

Summary A security vulnerability has been discovered in IBM Cognos TM1 resulting in unencrypted passwords found in memory on client. Vulnerability Details CVE-ID: CVE-2014-0863 CVSS Base Score: 4.0 CVSS Temporal Score: See for the current score CVSS Environmental Score: Undefined CVSS Vector:...

Nagios XI 5.2.6 5.2.9 5.3 5.4 - Chained Remote Root

Nagios XI 5.2.6 5.2.9 5.3 5.4 - Chained Remote Root Exploit Title: Nagios XI 5.2.6-9, 5.3, 5.4 Chained Remote Root Date: 4/17/2018 Exploit Authors: Benny Husted, Jared Arave, Cale Smith Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor...

Nagios XI 5.2.6 < 5.2.9 / 5.3 / 5.4 - Chained Remote Root

Exploit Title: Nagios XI 5.2.6-9, 5.3, 5.4 Chained Remote Root Date: 4/17/2018 Exploit Authors: Benny Husted, Jared Arave, Cale Smith Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.nagios.com/ Software Link:...

Design/Logic Flaw

All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is...

CVE-2017-15518

All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is...

CVE-2017-15518

CVE-2017-15518 affects NetApp OnCommand API Services (versions prior to 2.1) and NetApp Service Level Manager (prior to 1.0RC4). Root cause is that a privileged database user password is logged during operation; the vulnerability is mitigated by upgrading to the fixed versions. Documents indicate...

CVE-2017-15518

All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is...

CVE-2014-5001

lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the 1 mysqldump, 2 pgdump, 3 mysql, and 4 psql command lines, which allows local users to obtain sensitive information by listing the processes...

CVE-2014-5001

CVE-2014-5001 affects the Ruby gem kcapifony (version 2.1.6) via the file lib/ksymfony1.rb . The underlying issue is that the program places database user passwords on the command line for the tools mysqldump , pg_dump , mysql , and psql , which allows local users to obtain sensitive information ...

Bus Booking Script SQL Injection Vulnerability

Bus Booking Script is an online bus booking management system based on PHP and MySQL. A SQL injection vulnerability exists in Bus Booking Script. A remote attacker can obtain sensitive data e.g., current database user, mysql user by sending the 'spid' parameter to the admin/viewseatseller.php fil...

UBUNTU-CVE-2016-10700

authlogin.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for...