83 matches found
CVE-2015-7224
puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysqluser' user parameter contains a host with a netmask...
A Managed Password Cracking Tool: GoCrack
FireEye’s Innovation and Custom Engineering (ICE) team released a tool called GoCrack that allows red teams to efficiently manage password cracking tasks across multiple GPU servers by providing an easy-to-use, web-based real-time UI to create, view, and manage tasks. Simply deploy a GoCrack server...
Database Authentication Failure(s) for Provided Credentials
Nessus was unable to log into one or more detected database systems for which credentials have been provided in order to perform authenticated checks. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(91822); script_version("$Revision: 1.2 $"); script_cvs_date("$Date: 2017/12/...
Oracle-Database-Authentication
Oracle Database is prone to a remote security-bypass vulnerability that affects the authentication protocol. An attacker can exploit this issue to bypass the authentication process and gain unauthorized access to the database. This vulnerability affects Oracle Database 11g Release 1 and 11g Relea...
CVE-2014-8749
CVE-2014-8749 concerns a Server-Side Request Forgery (SSRF) in the BulletProof Security WordPress plugin, affecting admin/htaccess/bpsunlock.php. The vulnerability allows an attacker to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter. Affected product/v...
DWebPro 3.4.1 Http.ini Plaintext Password Storage Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8438/info A vulnerability has been reported to exist in the DWebPro web server software. This problem allows an attacker to view database authentication credentials by accessing a plain text file named 'http.ini'. An...
TightAuction 3.0 Config.INC Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5850/info TightAuction is prone to an information disclosure vulnerability. The configuration file config.inc contains sensitive information such as database authentication credentials. It is possible for remote attackers...
RTTucson Quotations Database Script - Authentication Bypass
RTTucson Quotations Database Script Auth Bypass SQL Injection Vulnerability By cr4wl3r http://bastardlabs.info Script: http://www.rttucson.com/files.html Bugs found /quotations/admin/include/login.php --------------------------- 36 if ($_POST['submit']) 37 38 $Username = $_POST['Username']; 39 $Password ...
Fedora Update for perl-RT-Authen-ExternalAuth FEDORA-2012-11337
Check for the Version of perl-RT-Authen-ExternalAuth OpenVAS Vulnerability Test Fedora Update for perl-RT-Authen-ExternalAuth FEDORA-2012-11337 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
Fedora Update for perl-RT-Authen-ExternalAuth FEDORA-2012-11360
Check for the Version of perl-RT-Authen-ExternalAuth OpenVAS Vulnerability Test Fedora Update for perl-RT-Authen-ExternalAuth FEDORA-2012-11360 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
BaconMap Local File Include and SQL Injection Vulnerabilities
BaconMap is prone to a local file-include vulnerability and an SQL-injection vulnerability because it fails to properly sanitize user-supplied input.
IceBB 1.0-rc6 - Remote Database Authentication Details
./includes/functions.php, line 73 $ip = empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['REMOTE_ADDR'] : $_SERVER['HTTP_X_FORWARDED_FOR']; $ip = $this->cleankey($ip); $input['ICEBBUSERIP'] = $ip; ./icebb.php, line 169 $icebb->clientip = $input['ICEBBUSERIP']; ./admin/index.php, line 112 $icebb->adsess =...
vBulletin 3.6.4 - 'inlinemod.php?postids' SQL Injection
input->clean_array_gpc('p', array('postids' => TYPE_STR, )); $postids = explode(',',...
TikiWiki: Multiple vulnerabilities
Background TikiWiki is an open source content management system written in PHP. Description In numerous files TikiWiki provides an empty sortmode parameter, causing TikiWiki to display additional information, including database authentication credentials, in certain error messages. TikiWiki also...
phpbb2015dad.txt
#!/usr/bin/perl phpBB 2.0.15 Viewtopic.PHP Remote Code Execution Vulnerability This exploit gives the user all the details about the database connection such as database host, username, password and database name. Written by SecureD, gvr.securedgmailcom,2005 Greetings to GvR, Jumento, PP, CKrew &...
phpBB 2.0.15 (highlight) Database Authentication Details Exploit
No description provided by source. #!/usr/bin/perl tested and working /str0ke...
phpBB 2.0.15 - 'highlight' Database Authentication Details
#!/usr/bin/perl tested and working /str0ke...
phpBB 2.0.15 - highlight Database Authentication Details
phpBB 2.0.15 - highlight Database Authentication Details #!/usr/bin/perl tested and working /str0ke...
Debian DSA-347-1 : teapop - SQL injection
teapop, a POP-3 server, includes modules for authenticating users against a PostgreSQL or MySQL database. These modules do not properly escape user-supplied strings before using them in SQL queries. This vulnerability could be exploited to execute arbitrary SQL code under the privileges of the...