Mail.ru: Database read through file attachment [content://]

Local malicious application selected as a file picker by user could obtain access to ICQ for Android local database by returning a content URI...

CVE-2019-20574

An issue was discovered on Samsung mobile devices with N7.x, O8.x, and P9.0 software. There is local SQL injection in the Wi-Fi history Content Provider. The Samsung ID is SVE-2019-14061 August 2019...

CVE-2020-8988

The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers after using root access to make a copy of the local database to discover login credentials and voting history via an offline brute-force approach...

CVE-2020-8988

The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers after using root access to make a copy of the local database to discover login credentials and voting history via an offline brute-force approach...

CVE-2018-1633

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434...

CVE-2019-10916

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier All versions, SIMATIC PCS 7 V8.1 All versions V8.1 with WinCC V7.3 Upd 19, SIMATIC PCS 7 V8.2 All versions V8.2 SP1 with WinCC V7.4 SP1 Upd11, SIMATIC PCS 7 V9.0 All versions V9.0 SP2 with WinCC V7.4 SP1 Upd11, SIMATIC WinCC TI...

CVE-2019-10916

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier All versions, SIMATIC PCS 7 V8.1 All versions V8.1 with WinCC V7.3 Upd 19, SIMATIC PCS 7 V8.2 All versions V8.2 SP1 with WinCC V7.4 SP1 Upd11, SIMATIC PCS 7 V9.0 All versions V9.0 SP2 with WinCC V7.4 SP1 Upd11, SIMATIC WinCC TI...

Design/Logic Flaw

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier All versions, SIMATIC PCS 7 V8.1 All versions V8.1 with WinCC V7.3 Upd 19, SIMATIC PCS 7 V8.2 All versions V8.2 SP1 with WinCC V7.4 SP1 Upd11, SIMATIC PCS 7 V9.0 All versions V9.0 SP2 with WinCC V7.4 SP1 Upd11, SIMATIC WinCC TI...

Jok3R - Network And Web Pentest Framework

Jok3r is a Python3 CLI application which is aimed at helping penetration testers for network infrastructure and web black-box security tests. Its main goal is to save time on everything that can be automated during network/web pentest in order to enjoy more time on more interesting and challengin...

The vulnerability in the local database of the Cisco Energy Management Suite allows a perpetrator to disclose or modify protected information.

The vulnerability of the configuration of the local database in the Cisco Energy Management Suite is related to the use of pre-installed registration data. Exploiting this vulnerability could allow an attacker to disclose or modify the protected information...

CVE-2018-0468

The CVE-2018-0468 issue affects Cisco Energy Management Suite (CEMS) configured with PostgreSQL using unchanged default access credentials. An authenticated, local attacker can log in to the host and connect to the bundled PostgreSQL database to access and modify confidential data. The advisory n...

Mail.ru: ОДМИН ТЭСТ

Test script on jw-cn-test-1.ext.terrhq.ru could be used to disclosure local database account. Database itself was not accessible...

Network and Web Pentest Framework: Jok3r

Jok3r is a Python3 CLI application which is aimed at helping penetration testers for network infrastructure and web black-box security tests. Its main goal is to save time on everything that can be automated during network/web pentest in order to enjoy more time on more interesting and challengin...

CVE-2018-8901

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects...

WordPress Adminer 1.4.4 Interface Exposure Vulnerability

Exploit for php platform in category web applications ------------------------------------------------------------------------ WordPress Adminer plugin allows public local database login ------------------------------------------------------------------------ David Vaartjes, July 2016...

WordPress Adminer Plugin Allows Public Admin (Local) Database Login Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. The WordPress Adminer plugin allows public administrative local database logins, which can be exploited by an attacker to log...

Cisco Firepower Management Center Console Authentication Bypass Vulnerability

Cisco Firepower Management Center is a new generation of firewall management center software from the U.S. company Cisco Cisco. The Cisco Firepower Threat Management Console uses a weak password for the root account of the local MySQL database, which can be exploited by an attacker to gain system...

Navicat Premium 11.2.11 (x64) - Local Database Password Disclosure

Navicat Premium 11.2.11 64bit Local Password Disclosure Tested on Windows Windows Server 2012 R2 64bit, English Vendor Homepage @ https://www.navicat.com/ Date 05/09/2016 Bug Discovered by Yakir Wizman https://www.linkedin.com/in/yakirwizman http://www.black-rose.ml Special Thanks & Greetings to...

Navicat Premium 11.2.11 (x64) - Local Database Password Disclosure

Navicat Premium 11.2.11 x64 - Local Database Password Disclosure Navicat Premium 11.2.11 64bit Local Password Disclosure Tested on Windows Windows Server 2012 R2 64bit, English Vendor Homepage @ https://www.navicat.com/ Date 05/09/2016 Bug Discovered by Yakir Wizman...

[SECURITY] Fedora 22 Update: monotone-1.1-13.fc22

monotone is a free, distributed version control system. It provides fully disconnected operation, manages complete tree versions, keeps its state in a local transactional database, supports overlapping branches and extensible metadata, exchanges work over plain network protocols, performs...