81 matches found
CVE-2007-2766
lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQL password as a plaintext command line argument, which allows local users to obtain this password by listing the process and its arguments, related to lib/backup-methods.sh...
Michelle's L2J Dropcalc
Title: Michelle's L2J Dropcalc Version: = v4 Web Site: http://www.msknight.com/comps/lineage2/myl2jdropcalc.htm Discovered By: Codebreak [email protected] | www.codebreak.tk...
Michelles L2J Dropcalc 4 - SQL Injection
Michelles L2J Dropcalc 4 - SQL Injection. Title: Michelle's L2J Dropcalc Version: = v4 Web Site: http://www.msknight.com/comps/lineage2/myl2jdropcalc.htm Discovered By: Codebreak [email protected] ...
deV!Lz Clanportal [DZCP] <= 1.3.6 Arbitrary File Upload Vulnerability
No description provided by source. SYNOPSIS - access: remote; severity: high - deV!Lz Clanportal allows nearly arbitrary files to be uploaded and stored on the server's filesystem, which enables anyone, even without a user account, to upload PHP code and execute it,...
DZCP (deV!L_z Clanportal) 1.3.6 - Arbitrary File Upload
DZCP deV!Lz Clanportal 1.3.6 - Arbitrary File Upload. SYNOPSIS - access: remote; severity: high - deV!Lz Clanportal allows nearly arbitrary files to be uploaded and stored on the server's filesystem, which enables anyone, even without a user account, to upload PHP code a...
tikiwiki 1.9.5 mysql password disclosure & xss
tikiwiki version 1.9.5 CVS -Sirius- PoC. Product: Tikiwiki. URL: http://tikiwiki.org/ RISK: critical. There's a critical security bug in tikiwiki version 1.9.5 CVS -Sirius-; an anonymous user can dum...
FreeBSD : plans -- multiple vulnerabilities (1709084d-4d21-11db-b48d-00508d6a62df)
Secunia reports: A vulnerability has been reported in Plans, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the 'evtid' parameter in 'plans.cgi' isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL querie...
VCardLITE-2.4.txt
Title: Vcard Lite Remote Vulnerabilities. Vulnerability discovery: Disruptor. Date: 11/02/2006. Severity: Remote Users Can Execute Arbitrary Code. Affected version: . Fix 1-Remove...
CVE-2005-4661
The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail message containing a certain unencrypted MySQL password, which allows remote attackers to sniff the password...
[SA17528] Campsite MySQL Password Exposure Mail Transfer Security Issue
TITLE: Campsite MySQL Password Exposure Mail Transfer Security Issue SECUNIA ADVISORY ID: SA17528 VERIFY ADVISORY: http://secunia.com/advisories/17528/ CRITICAL: Not critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: Campsite 2.x http://secunia.com/product/6091/...
CVE-2004-1228
The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default...
MySQL 4.1/5.0 - Zero-Length Password Authentication Bypass
#!/usr/bin/perl The script connects to MySQL and attempts to log in using a zero-length password. Based on the vuln found by NGSSecurity. The following Perl script can be used to test your version of MySQL. It will display the login packet sent to the server and its reply. Exploit copyright (c) 2004 ...
PHP setting leaks from .htaccess files on virtual hosts
Background: PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description: If the server configuration "php.ini" file has "register_globals = on" and a request is made to one virtual host which has "php_admin_flag...
MySQL 3.x/4.0.x - Weak Password Encryption
MySQL 3.x/4.0.x - Weak Password Encryption // source: https://www.securityfocus.com/bid/7500/info MySQL has been reported to implement a weak password encryption algorithm. It has been reported that the MySQL function used to encrypt MySQL passwords makes just one pass over the password and employ...
MySQL 3.x/4.0.x - Weak Password Encryption
// source: https://www.securityfocus.com/bid/7500/info MySQL has been reported to implement a weak password encryption algorithm. It has been reported that the MySQL function used to encrypt MySQL passwords makes just one pass over the password and employs a weak left shift based cipher. The hash...
MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Length Account
MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Length Account // source: https://www.securityfocus.com/bid/6373/info A flaw in the password authentication mechanism for MySQL may make it possible for an authenticated database user to compromise the accounts of other database users. The flaw lies in th...
CVE-2001-1255
WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unauthorized access to the MySQL database...
MySQL password problems in vpopmail
The password is hard-coded into the executable file and can be extracted from it...
iScouter PHP Web Portal System, MySQL Password in clear text
Hi all, I have found that I can easily retrieve the MySQL password of the last iScouter PHP Web Portal System. Exploit : www.your-iScouter-web-portal.com/config.inc You can find those lines in clear text: $CFGDBSERVERTYPE = "mySQL"; $CFGDBHOST = "www.your-iScouter-web-portal.com"; $CFGDBUSERNAME =...