4 matches found
VulnCheck KEV: CVE-2024-30269
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned. The vulnerability has...
PT-2024-23310 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.5.0 Description: The issue concerns a database configuration information exposure. Visiting the "/de2api/engine/getEngine;.js" API endpoint via a browser reveals the platform's database configuration. The estimate...
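A penetration test of the official website of Beijing Zhiyuan Xiechuang Software Co., Ltd.
Brief description: Can you please actively confirm vulnerabilities instead of always ignoring them! Can we still have fun or not! O∩∩O haha Detailed description: From arbitrary file download to reading the database configuration file. View the pseudo-static (URL rewrite) file http://www.seeyon.com/.htaccess phpinfo http://www.seeyon.com/phpinfo.php Physical path disclosure http://www.seeyon.com/inc/db.php Proof of vulnerability: Arbitrary file download reads the database configuration file http://www.seeyon.com/downfile.php?file=/../inc/conn.php The seeyon user is allowed to connect remotely; connecting with Navicat successfully took control of the database...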
VP-ASP shopping cart software.
NOTE: Please just ignore the tags; they're just notes etc. to make a .txt document a little more readable, or not. short Several security issues in the VP-ASP shopping cart software dotPath Information Disclosure Vulnerability. dotInsecure permissions on configuration file. /short synopsis -Defaul...