CVE-2018-11413

BearAdmin 0.5 is affected by CVE-2018-11413. A remote attacker can trigger directory traversal via /admin/databack/download.html?name=, e.g., name=../application/database.php, to read configuration credentials (MySQL) from the server. Affected component: databack/download.html handling of the nam...

CVE-2018-11413

An issue was discovered in BearAdmin 0.5. Remote attackers can download arbitrary files via /admin/databack/download.html?name= directory traversal sequences, as demonstrated by name=../application/database.php to read the MySQL credentials in the configuration...

CVE-2018-7251

An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error such as "Too many connections" has occurred...

CVE-2018-7251

An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error such as "Too many connections" has occurred...

CVE-2018-7251

Anchor CMS 0.12.3 is vulnerable due to an error in config/error.php that exposes an errors.log URI. The log can contain MySQL credentials when errors occur (e.g., Too many connections), enabling information disclosure. Affected component: error logging; impact: credential exposure. Remediation: u...

CVE-2018-7251

An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error such as "Too many connections" has occurred...

Information Exposure

An issue was discovered in config/error.php. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error such as 'Too many connections' has occurred...

Cisco Firepower Threat Management Console 6.0.1 - Hard-Coded MySQL Credentials

Cisco Firepower Threat Management Console 6.0.1 - Hard-Coded MySQL Credentials KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL Credentials Title: Cisco Firepower Threat Management Console Hard-coded MySQL Credentials Advisory ID: KL-001-2016-005 Publication Date:...

Cisco Firepower Threat Management Console 6.0.1 - Hard-Coded MySQL Credentials

KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL Credentials Title: Cisco Firepower Threat Management Console Hard-coded MySQL Credentials Advisory ID: KL-001-2016-005 Publication Date: 2016.10.05 Publication URL:...

Juniper Junos Space < 13.3R1.8 Multiple Vulnerabilities (JSA10627)

According to its self-reported version number, the remote Junos Space version is prior to 13.3R1.8. It is, therefore, affected by multiple vulnerabilities in bundled third party software components : - Multiple vulnerabilities in RedHat JBoss application server. CVE-2010-0738, CVE-2010-1428,...

UBUNTU-CVE-2011-4898

DISPUTED wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attack...

CVE-2011-4898

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a...

CVE-2011-4898

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a...

TS Special Edition <= v.7.0 Multiple Vulnerabilities

Exploit for php platform in category web applications ==================================================== TS Special Edition = v.7.0 Multiple Vulnerabilities ==================================================== TS Special Edition = v.7.0 Multiple Vulnerabilities Dork: "Powered by TS Special...

DEBIAN-CVE-2008-1567

phpMyAdmin before 2.11.5.1 stores the MySQL 1 username and 2 password, and the 3 Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information...

CVE-2006-1210

The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source. NOTE: IBM has privately confirmed to CVE that a fix is available for these...

phpMyChat 0.14.5 Remote Improper File Permissions Exploit

Exploit for unknown platform in category web applications ========================================================= phpMyChat 0.14.5 Remote Improper File Permissions Exploit ========================================================= | | | | | | |/ \ \ /\ / / | | | | \ V V / || ||/ // Security...

PHP &lt;= 4.3.9 &amp; phpBB 2.x with unserialize() Remote Exploit (compiled)

No description provided by source. // Compiled version: http://www.milw0rm.com/sploits/phpbbmemorydump.rar // Source serv.cpp is at the bottom of the page - str0ke // Notes from author: // compile with borland c++ freecommandlinetools : // bcc32 -c serv.cpp // bcc32 bbmemorydump.cpp serv.obj /...

CVE-2002-1479

Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges...

DEBIAN-CVE-2002-1479

Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges...