Lucene search
+L

319 matches found

nvd
nvd
added 2004/12/31 5:0 a.m.15 views

CVE-2004-2718

PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request...

4.3CVSS6AI score0.01657EPSS
Exploits0References2
nvd
nvd
added 2004/12/31 5:0 a.m.15 views

CVE-2004-2436

Computer Associates Unicenter Common Services 3.0 and earlier stores the database "SA" password in cleartext in the TndAddNspTmp.bat file, which could allow local users to gain privileges...

2.1CVSS6.7AI score0.00472EPSS
Exploits0References5
nvd
nvd
added 2004/12/31 5:0 a.m.10 views

CVE-2004-2268

PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php...

5CVSS6.5AI score0.01388EPSS
Exploits0References5
nvd
nvd
added 2004/10/18 4:0 a.m.16 views

CVE-2004-1611

SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to 1 execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle MITM attack, or 2 obtain the database password via a GetConnection...

5.1CVSS7.3AI score0.01581EPSS
Exploits1References8
cvelist
cvelist
added 2004/09/01 4:0 a.m.23 views

CVE-2003-0013

The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by...

6.5AI score0.02083EPSS
Exploits0References5
cve
cve
added 2004/09/01 4:0 a.m.67 views

CVE-2003-0013

CVE-2003-0013 concerns Bugzilla’s default .htaccess behavior. The bug is that backups of localconfig created by editors (e.g., vi, Emacs; often .swp or ~ files) were not blocked by the default .htaccess, potentially allowing remote attackers to download a backup and obtain the database password. ...

7.5CVSS6.5AI score0.02083EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2004/07/21 4:0 a.m.23 views

CVE-2004-0702

DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password in an error message when the SQL server is not running, which could allow remote attackers to gain sensitive information...

7.4AI score0.01196EPSS
Exploits0References3
cve
cve
added 2004/07/21 4:0 a.m.52 views

CVE-2004-0702

Bugzilla 2.17.1–2.17.7 is affected by CVE-2004-0702: the DBI layer displays the database password in an error message when the SQL server is not running, enabling potential information disclosure to remote attackers. The issue concerns the Bugzilla CGI/database interaction rather than input valid...

5CVSS7.5AI score0.01196EPSS
Exploits0References3Affected Software1
cert
cert
added 2004/04/19 12:0 a.m.20 views

BEA WebLogic Server stores database password in clear text in "config.xml"

Overview WebLogic Server contains a vulnerability that may expose the database username and password in clear text in the config.xml file. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing...

6.7AI score
Exploits0References5
securityvulns
securityvulns
added 2003/12/17 12:0 a.m.36 views

Aardvark Topsites 4.1.0 Vulnerabilities

Vendor : Aardvarkind URL : http://www.aardvarkind.com Version : Aardvark Topsites PHP 4.1.0 Risk : Multiple Vulnerabilities Description: Aardvark Topsites is a popular free PHP topsites script. See URL for details. Plaintext Database Pass Weakness: The login info for the database being used by...

8.4AI score
Exploits0
nvd
nvd
added 2003/08/07 4:0 a.m.12 views

CVE-2003-0499

Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations...

3.6CVSS6.3AI score0.00383EPSS
Exploits0References1
cvelist
cvelist
added 2003/07/04 4:0 a.m.20 views

CVE-2003-0499

Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations...

6.3AI score0.00383EPSS
Exploits0References1
cve
cve
added 2003/07/04 4:0 a.m.44 views

CVE-2003-0499

CVE-2003-0499 affects Mantis 0.17.5 and earlier, where the database password is stored in cleartext in a world-readable configuration file. This permits local users to perform unauthorized database operations due to exposed credentials. Public sources in the connected documents confirm Debian DSA...

3.6CVSS6.4AI score0.00383EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2003/04/12 12:0 a.m.50 views

FileMaker Pro network protocol sends passwords to any client attempting to connect to a shared database.

I recently discovered a serious bug in FileMaker Pro's database sharing. FileMaker have just released an advisory about this on their security pages: http://www.filemaker.com/support/security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Subject: FileMaker Pro network protocol sends passwords to...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2003/01/03 12:0 a.m.59 views

[BUGZILLA] Security Advisory - remote database password disclosure

Bugzilla Security Advisory January 2nd, 2002 Severity: major remote database password disclosure, bug 186383 minor local file permissions, bug 183188 Summary ======= All Bugzilla installations are advised to upgrade to the latest versions of Bugzilla, 2.14.5 and 2.16.2, both released today...

7.1AI score
Exploits0
cvelist
cvelist
added 2002/05/03 4:0 a.m.24 views

CVE-2001-1258

Horde Internet Messaging Program IMP before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server...

6.6AI score0.00464EPSS
Exploits1References6
cve
cve
added 2000/10/13 4:0 a.m.65 views

CVE-2000-0485

Summary: The provided documents describe a vulnerability in Microsoft SQL Server related to Data Transformation Services (DTS) Password handling. Local users can obtain database passwords via the DTS package Properties dialog, i.e., the "DTS Password" vulnerability. The available records do not s...

2.1CVSS6.6AI score0.02389EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2000/02/04 5:0 a.m.30 views

CVE-1999-0364

Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data...

6.6AI score0.05193EPSS
Exploits0References1
nvd
nvd
added 1999/01/01 5:0 a.m.16 views

CVE-1999-0364

Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data...

10CVSS6.6AI score0.05193EPSS
Exploits0References1
Rows per page
Query Builder