11 matches found
CVE-2020-37116
GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...
EUVD-2004-1225
Malware in sbrugna...
XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities
Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 Wordpress v3.5.1 Joomla! Vulnerabilities Author: Larry W. Cashdollar, @larry0 Date: 10/17/2014 Download: https://wordpress.org/plugins/xcloner-backup-and-restore/ Download:...
WordPress XCloner Plugin - Multiple Vulnerabilities
XCloner plugin is prone to multiple vulnerabilities, such as: unauthenticated remote access to backup files via easily guessable file names, arbitrary command execution and authenticated remote file access. Also, clear text MySQL password exposure through HTML text box. Solution Upgrade the plugi...
WordPress Plugin Joomla! Component XCloner - Multiple Vulnerabilities
WordPress Plugin Joomla! Component XCloner - Multiple Vulnerabilities Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 Wordpress v3.5.1 Joomla! Vulnerabilities Author: Larry W. Cashdollar, @larry0 Date: 10/17/2014 Download: https://wordpress.org/plugins/xcloner-backup-and-restore/ Download:...
WordPress Plugin / Joomla! Component XCloner - Multiple Vulnerabilities
Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 Wordpress v3.5.1 Joomla! Vulnerabilities Author: Larry W. Cashdollar, @larry0 Date: 10/17/2014 Download: https://wordpress.org/plugins/xcloner-backup-and-restore/ Download:...
WordPress XCloner Plugin <= 3.1.1 - Multiple Vulnerabilities
There are multiple vulnerabilities in this plugin, such as arbitrary command execution, clear text MySQL password exposure through html text box under configuration panel, MySQL password exposed to process table, database backups exposed to local users due to open file permissions, authenticated...
DEBIAN-CVE-2007-5626
makecatalogbackup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffi...
[SA17528] Campsite MySQL Password Exposure Mail Transfer Security Issue
TITLE: Campsite MySQL Password Exposure Mail Transfer Security Issue SECUNIA ADVISORY ID: SA17528 VERIFY ADVISORY: http://secunia.com/advisories/17528/ CRITICAL: Not critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: Campsite 2.x http://secunia.com/product/6091/...
PHP setting leaks from .htaccess files on virtual hosts
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description If the server configuration "php.ini" file has "registerglobals = on" and a request is made to one virtual host which has "phpadminflag...
iScouter PHP Web Portal System, MySQL Password in clear text
Hi all, I have found that i can easily retrieve MySQL password of the last iScouter PHP Web Portal System. Exploit : www.your-iScouter-web-portal.com/config.inc You can find those lines in clear text: $CFGDBSERVERTYPE = "mySQL"; $CFGDBHOST = "www.your-iScouter-web-portal.com"; $CFGDBUSERNAME =...