319 matches found
CVE-2004-2718
PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request...
CVE-2004-2436
Computer Associates Unicenter Common Services 3.0 and earlier stores the database "SA" password in cleartext in the TndAddNspTmp.bat file, which could allow local users to gain privileges...
CVE-2004-2268
PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php...
CVE-2004-1611
SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to 1 execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle MITM attack, or 2 obtain the database password via a GetConnection...
CVE-2003-0013
The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by...
CVE-2003-0013
CVE-2003-0013 concerns Bugzilla’s default .htaccess behavior. The bug is that backups of localconfig created by editors (e.g., vi, Emacs; often .swp or ~ files) were not blocked by the default .htaccess, potentially allowing remote attackers to download a backup and obtain the database password. ...
CVE-2004-0702
DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password in an error message when the SQL server is not running, which could allow remote attackers to gain sensitive information...
CVE-2004-0702
Bugzilla 2.17.1–2.17.7 is affected by CVE-2004-0702: the DBI layer displays the database password in an error message when the SQL server is not running, enabling potential information disclosure to remote attackers. The issue concerns the Bugzilla CGI/database interaction rather than input valid...
BEA WebLogic Server stores database password in clear text in "config.xml"
Overview WebLogic Server contains a vulnerability that may expose the database username and password in clear text in the config.xml file. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing...
Aardvark Topsites 4.1.0 Vulnerabilities
Vendor : Aardvarkind URL : http://www.aardvarkind.com Version : Aardvark Topsites PHP 4.1.0 Risk : Multiple Vulnerabilities Description: Aardvark Topsites is a popular free PHP topsites script. See URL for details. Plaintext Database Pass Weakness: The login info for the database being used by...
CVE-2003-0499
Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations...
CVE-2003-0499
Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations...
CVE-2003-0499
CVE-2003-0499 affects Mantis 0.17.5 and earlier, where the database password is stored in cleartext in a world-readable configuration file. This permits local users to perform unauthorized database operations due to exposed credentials. Public sources in the connected documents confirm Debian DSA...
FileMaker Pro network protocol sends passwords to any client attempting to connect to a shared database.
I recently discovered a serious bug in FileMaker Pro's database sharing. FileMaker have just released an advisory about this on their security pages: http://www.filemaker.com/support/security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Subject: FileMaker Pro network protocol sends passwords to...
[BUGZILLA] Security Advisory - remote database password disclosure
Bugzilla Security Advisory January 2nd, 2002 Severity: major remote database password disclosure, bug 186383 minor local file permissions, bug 183188 Summary ======= All Bugzilla installations are advised to upgrade to the latest versions of Bugzilla, 2.14.5 and 2.16.2, both released today...
CVE-2001-1258
Horde Internet Messaging Program IMP before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server...
CVE-2000-0485
Summary: The provided documents describe a vulnerability in Microsoft SQL Server related to Data Transformation Services (DTS) Password handling. Local users can obtain database passwords via the DTS package Properties dialog, i.e., the "DTS Password" vulnerability. The available records do not s...
CVE-1999-0364
Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data...
CVE-1999-0364
Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data...