64 matches found
CVE-2025-24337
CVE-2025-24337 : Affects WriteFreely up to version 0.15.1 when using MySQL. Local users can read the config.ini and disclose credentials due to insecure default config access. The impact is credential disclosure (confidentiality and integrity) for local attackers; exploitation is local. The provi...
PT-2024-40042 · Percona +2 · Percona +2
Name of the Vulnerable Software and Affected Versions: Froxlor versions 2.1.9 and earlier Description: The issue concerns the exposure of MySQL database credentials due to incorrect file permissions. In affected Froxlor instances configured to use pure-ftpd, the XML templates set chmod 644 for...
NETGEAR ProSAFE Network Management System Security Vulnerability
NETGEAR ProSAFE Network Management System is a network management system from NETGEAR for centralized management, monitoring, and configuration of network devices. An elevation of privilege vulnerability exists in NETGEAR ProSAFE Network Management System, which stems from the use of default MySQ...
NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
CVE-2024-22901
Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials...
Vinchin Backup And Recovery 7.2 Default MySQL Credentials
CVE ID: CVE-2024-22901 Title: Default MYSQL Credentials Vulnerability in Vinchin Backup & Recovery v7.2 Description: A critical security issue, identified as CVE-2024-22901, has been discovered in Vinchin Backup & Recovery version 7.2. The software has been found to use default MYSQL credentials,...
PT-2024-2070 · Dell Emc · Dell Emc Networker
Name of the Vulnerable Software and Affected Versions: Dell EMC NetWorker versions 19.9 and all prior versions Description: The issue is related to insufficient protection of registration data, which may allow an attacker to obtain user registration data. Specifically, a plain-text password is...
CVE-2015-2179
The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments...
Rails Security Vulnerabilities
Rails is a set of open source web application frameworks based on the Ruby language from the American Rails team. A security vulnerability exists in Rails version 0.10.3.8, which stems from allowing a local user to discover MySQL credentials by listing processes and their parameters...
CVE-2015-2179
The CVE-2015-2179 issue affects the xaviershay-dm-rails gem for Ruby, version 0.10.3.8, where a flaw in the execute() function in /datamapper/dm-rails/blob/master/lib/dm-rails/storage.rb exposes sensitive information via the process table. This can allow local users to discover MySQL credentials ...
U.S. Dept Of Defense: Sensitive Data Exposure via wp-config.php file
Sensitive data exposure occurred via the wp-config.php file, which contained confidential information such as MySQL and AWS credentials and various keys. The vulnerability was found on a specific endpoint, and it could potentially provide unauthorized access to sensitive information to users who ...
CVE-2023-23752
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. Recent assessments: noraj at March 24, 2023 9:21am UTC reported: There are at least two ways to achieve RCE. Vector n°1 It leaks the MySQL credentials, in default a...
PT-2023-10312 · Oracle · Mysql Server
Name of the Vulnerable Software and Affected Versions: xaviershay-dm-rails gem version 0.10.3.8 Description: The issue allows local users to discover MySQL credentials by listing a process and its arguments. This is due to a flaw in the execute function in the...
Unspecified Vulnerability in Blaauw Remote Kiln Control (CNVD-2020-28486)
The Blaauw Remote Kiln Control is an automated ceramic kiln controller from Blaauw in the Netherlands. An unspecified vulnerability exists in Blaauw Remote Kiln Control. An attacker can exploit this vulnerability to access MySQL credentials in plaintext in /engine/db.inc, /lang/nl.bak, or...
CVE-2019-18868
Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak...
Session fixation
Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak...
CVE-2019-18868
CVE-2019-18868 affects Blaauw Remote Kiln Control (v3.00r4). An unauthenticated attacker can read MySQL credentials in plaintext from /engine/db.inc, /lang/nl.bak, or /lang/en.bak, as stated across CVE records and related sources. Root cause: credentials stored in cleartext within application fil...
Directory traversal
An issue was discovered in BearAdmin 0.5. Remote attackers can download arbitrary files via /admin/databack/download.html?name= directory traversal sequences, as demonstrated by name=../application/database.php to read the MySQL credentials in the configuration...