234 matches found
CmsEasy 安全漏洞
CmsEasy is a content management system CMS for creating responsive websites from China's Jiuzhou eTong Technology Company. A security vulnerability exists in CmsEasy version 7.7.520211012, which stems from being affected by an arbitrary file read vulnerability. An attacker can exploit the...
Vulnerabilities fixed in Oracle Database Server
Oracle has fixed vulnerabilities in the following products: Database - Enterprise Edition Database Configuration Assistant Spatial and Graph Application Express APEX The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage:...
PT-2022-3547 · Mendix · Mendix
Name of the Vulnerable Software and Affected Versions: Mendix Applications using Mendix 7 versions prior to 7.23.27 Mendix Applications using Mendix 8 versions prior to 8.18.14 Mendix Applications using Mendix 9 versions prior to 9.12.0 Mendix Applications using Mendix 9 V9.6 versions prior to...
Vulnerabilities fixed in Oracle Database Server
Oracle has fixed vulnerabilities in the following Oracle Database Server products: Database - Enterprise Edition Database Configuration Assistant Spatial and Graph Application Express APEX Engineered Systems Utilities The vulnerabilities allow a malicious person to carry out attacks execute attac...
ManageEngine Log360 < Build 5235 Database Configuration Overwrite RCE
Binary data manageenginelog360cve-2021-20136.nbin...
Improper access control
ManageEngine Log360 Builds 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log3...
CVE-2021-20136
ManageEngine Log360 Builds 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log3...
IBM DB2 后置链接漏洞
IBM DB2 is a relational database management system from the American company IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM DB2 for Linux, UNIX, and Windows including DB2 Connect Server has a backlink vulnerability that can be exploit...
Logic Flaw Vulnerability in CareyShop of Ningbo Humen Technology Co.
CareyShop is a high-performance open source mall framework system based on ThinkPHP framework development. Ningbo Humen Technology Co. CareyShop has a logic flaw vulnerability that can be exploited by an attacker to read the database configuration file...
xiycms backend has arbitrary file read vulnerability
xiycms is an open source and free enterprise content management system. xiycms backend has an arbitrary file read vulnerability. An attacker can exploit the vulnerability to read the database configuration file...
ImpressCMS: SQL injection when configuring a database
Summary: I found a SQL Injection in the form of a system install Database configuration Steps To Reproduce: - Run command: git clone https://github.com/ImpressCMS/impresscms.git - Stop at a menu item: Database configuration - In the Database name field, insert the following exploit: sql...
Carina - Webshell, Virtual Private Server (VPS) And cPanel Database
Carina is a web application used to store webshell, Virtual Private Server VPS and cPanel data. Carina is made so that we don't need to store webshell, VPS or cPanel data in "strange places". Screenshots Install Carina 1. $ git clone https://github.com/c0delatte/carina && cd carina 2. Run compose...
Arbitrary Code Execution
froxlor/froxlor is vulnerable to arbitrary code execution. The backupExistingDatabase in install/lib/class.FroxlorInstall.php allows remote attackers with access to the installation routine to execute arbitrary code due to the unescaped database configuration options being passed to exec...
CVE-2020-10235
An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of backupExistingDatabase in install/lib/class.FroxlorInstall.php...
CVE-2020-10235
An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of backupExistingDatabase in install/lib/class.FroxlorInstall.php...
Code injection
An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of backupExistingDatabase in install/lib/class.FroxlorInstall.php...
CVE-2020-10235
An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of backupExistingDatabase in install/lib/class.FroxlorInstall.php...
CVE-2013-0192
File Disclosure in SMF SimpleMachines Forum = 2.0.3: Forum admin can read files such as the database config...
TitanHQ WebTitan Information Disclosure Vulnerability
TitanHQ WebTitan is a web content filter from TitanHQ Ireland. A security vulnerability exists in TitanHQ WebTitan versions prior to 5.18. An attacker could exploit the vulnerability to disclose database configuration files...
CVE-2019-19018
An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using...