Lucene search
K

234 matches found

CNNVD
CNNVD
added 2022/05/17 12:0 a.m.5 views

CmsEasy 安全漏洞

CmsEasy is a content management system CMS for creating responsive websites from China's Jiuzhou eTong Technology Company. A security vulnerability exists in CmsEasy version 7.7.520211012, which stems from being affected by an arbitrary file read vulnerability. An attacker can exploit the...

6.5CVSS6.7AI score0.00939EPSS
Exploits1References2
NCSC
NCSC
added 2022/04/20 12:0 a.m.6 views

Vulnerabilities fixed in Oracle Database Server

Oracle has fixed vulnerabilities in the following products: Database - Enterprise Edition Database Configuration Assistant Spatial and Graph Application Express APEX The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage:...

8.2CVSS7.5AI score0.01655EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2022/04/12 12:0 a.m.11 views

PT-2022-3547 · Mendix · Mendix

Name of the Vulnerable Software and Affected Versions: Mendix Applications using Mendix 7 versions prior to 7.23.27 Mendix Applications using Mendix 8 versions prior to 8.18.14 Mendix Applications using Mendix 9 versions prior to 9.12.0 Mendix Applications using Mendix 9 V9.6 versions prior to...

6.5CVSS6AI score0.00649EPSS
Exploits0References4
NCSC
NCSC
added 2022/01/19 12:0 a.m.12 views

Vulnerabilities fixed in Oracle Database Server

Oracle has fixed vulnerabilities in the following Oracle Database Server products: Database - Enterprise Edition Database Configuration Assistant Spatial and Graph Application Express APEX Engineered Systems Utilities The vulnerabilities allow a malicious person to carry out attacks execute attac...

7.8CVSS6AI score0.99999EPSS
Exploits22
Tenable Nessus
Tenable Nessus
added 2021/11/19 12:0 a.m.47 views

ManageEngine Log360 < Build 5235 Database Configuration Overwrite RCE

Binary data manageenginelog360cve-2021-20136.nbin...

9.8CVSS9.7AI score0.10453EPSS
Exploits1References2
Prion
Prion
added 2021/11/01 9:15 p.m.24 views

Improper access control

ManageEngine Log360 Builds 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log3...

7.5CVSS9.6AI score0.10453EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/11/01 8:55 p.m.28 views

CVE-2021-20136

ManageEngine Log360 Builds 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log3...

9.9AI score0.10453EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/06/23 12:0 a.m.1 views

IBM DB2 后置链接漏洞

IBM DB2 is a relational database management system from the American company IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM DB2 for Linux, UNIX, and Windows including DB2 Connect Server has a backlink vulnerability that can be exploit...

6.2CVSS5.7AI score0.0029EPSS
Exploits0References9
CNVD
CNVD
added 2021/05/26 12:0 a.m.4 views

Logic Flaw Vulnerability in CareyShop of Ningbo Humen Technology Co.

CareyShop is a high-performance open source mall framework system based on ThinkPHP framework development. Ningbo Humen Technology Co. CareyShop has a logic flaw vulnerability that can be exploited by an attacker to read the database configuration file...

6.8AI score
Exploits0
CNVD
CNVD
added 2021/02/02 12:0 a.m.2 views

xiycms backend has arbitrary file read vulnerability

xiycms is an open source and free enterprise content management system. xiycms backend has an arbitrary file read vulnerability. An attacker can exploit the vulnerability to read the database configuration file...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2020/09/16 6:31 p.m.24 views

ImpressCMS: SQL injection when configuring a database

Summary: I found a SQL Injection in the form of a system install Database configuration Steps To Reproduce: - Run command: git clone https://github.com/ImpressCMS/impresscms.git - Stop at a menu item: Database configuration - In the Database name field, insert the following exploit: sql...

0.3AI score
Exploits0
Kitploit
Kitploit
added 2020/05/21 9:27 p.m.62 views

Carina - Webshell, Virtual Private Server (VPS) And cPanel Database

Carina is a web application used to store webshell, Virtual Private Server VPS and cPanel data. Carina is made so that we don't need to store webshell, VPS or cPanel data in "strange places". Screenshots Install Carina 1. $ git clone https://github.com/c0delatte/carina && cd carina 2. Run compose...

7.2AI score
Exploits0References1
Veracode
Veracode
added 2020/03/10 1:33 a.m.17 views

Arbitrary Code Execution

froxlor/froxlor is vulnerable to arbitrary code execution. The backupExistingDatabase in install/lib/class.FroxlorInstall.php allows remote attackers with access to the installation routine to execute arbitrary code due to the unescaped database configuration options being passed to exec...

8.8CVSS6.9AI score0.01682EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2020/03/09 4:15 p.m.32 views

CVE-2020-10235

An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of backupExistingDatabase in install/lib/class.FroxlorInstall.php...

8.8CVSS8.8AI score0.01682EPSS
Exploits1References4
OSV
OSV
added 2020/03/09 4:15 p.m.12 views

CVE-2020-10235

An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of backupExistingDatabase in install/lib/class.FroxlorInstall.php...

8.8CVSS7.4AI score
Exploits0References4
Prion
Prion
added 2020/03/09 4:15 p.m.12 views

Code injection

An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of backupExistingDatabase in install/lib/class.FroxlorInstall.php...

6.5CVSS8.8AI score0.01682EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2020/03/09 3:4 p.m.32 views

CVE-2020-10235

An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of backupExistingDatabase in install/lib/class.FroxlorInstall.php...

8.9AI score0.01682EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2020/02/07 2:15 p.m.3 views

CVE-2013-0192

File Disclosure in SMF SimpleMachines Forum = 2.0.3: Forum admin can read files such as the database config...

4.9CVSS5.4AI score0.0376EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2019/12/04 12:0 a.m.6 views

TitanHQ WebTitan Information Disclosure Vulnerability

TitanHQ WebTitan is a web content filter from TitanHQ Ireland. A security vulnerability exists in TitanHQ WebTitan versions prior to 5.18. An attacker could exploit the vulnerability to disclose database configuration files...

4CVSS6.6AI score0.00799EPSS
Exploits1References1
NVD
NVD
added 2019/12/02 5:15 p.m.21 views

CVE-2019-19018

An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using...

4CVSS3.8AI score0.00799EPSS
Exploits1References2
Rows per page
Query Builder