235 matches found
CVE-2017-1286
Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147...
CVE-2018-9327
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database DirtyDB, CouchDB, MongoDB, or RethinkDB...
CVE-2018-9327
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database DirtyDB, CouchDB, MongoDB, or RethinkDB...
WEM Admin Console Error: "Specified Infrastructure Server seems to be offline or have a wrong database configuration. Please check configuration and try again"
After performing in-place upgrade of the WEM Broker, The WEM Admin console gives the following error when trying to connect to the WEM site:. "Specified Infrastructure Server seems to be offline or have a wrong database configuration. Please check configuration and try again" Plus, when opening t...
Command Execution Vulnerability Due to Improper Filtering of Database Configuration File in MetInfo Version 5.3.18
MetInfo is a Content Management System CMS developed using PHP and Mysql. A security vulnerability exists in the backend of MetInfo version 5.3.18. The vulnerability is due to improper filtering of the database configuration file during program reinstallation, resulting in malicious code that can...
CVE-2016-7508
Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding...
PHPCMS v9.5.10 suffers from a design vulnerability
PHPCMS is a website management software. The software adopts modular development and supports a variety of classification methods, using it can easily realize the design, development and maintenance of personalized websites. A design vulnerability exists in PHPCMS v9.5.10, which allows an attacke...
Version string portion was too short or too long
The article describes additional Veeam ONE database configuration required after deploying it manually...
New Relic: Sensitive information disclosure
I am able to download ciritcal files which include newrelic environment setup, setting uo of database which also says which database is used etc. I am able to access this information using a google dork Google dork:site:newrelic.com ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw |...
Cosa Nostra - A FOSS Graph Based Malware Clusterization Toolkit
Cosa Nostra is an open source software clustering toolkit with a focus on malware analysis. It can create phylogenetic trees of binary malware samples that are structurally similar. It was initially released during SyScan360 Shanghai 2016. Getting started Required 3rd party tools In order to use...
TeamPass Passwords Management System 2.1.26 - Arbitrary File Download
ADVISORY INFORMATION ======================================== Title: TeamPass Passwords Management System via Unauth File Download and Arbitrary File Download Application: TeamPass Passwords Management System Class: Sensitive Information disclosure Remotely Exploitable: Yes Versions Affected:...
Tiki Wiki CMS 15.0 - Arbitrary File Download
Exploit for php platform in category web applications Exploit Title: Tiki Wiki CMS 15.0 Arbitrary File Download Date: 11-07-2016 Software Link: https://tiki.org Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1...
DotNetNuke 07.04.00 - Administration Authentication Bypass
Exploit for asp platform in category web applications Exploit Title: DotNetNuke 07.04.00 Administration Authentication Bypass Date: 06-05-2016 Exploit Author: Marios Nicolaides Vendor Homepage: http://www.dnnsoftware.com/ Software Link: https://dotnetnuke.codeplex.com/releases/view/611324 Version...
Fedora 22 : php-horde-horde-5.2.9-1.fc22 (2016-3d1183830b)
horde 5.2.9 jan SECURITY: Fix XSS vulnerability in menu bar exposed by few applications Bug 14213. jan Add more detailed user DN settings to Kolab group configuration Request 11737. jan Fix returning to last page after problem reporting from AJAX pages Bug 12112. jan Fix custom database...
CVE-2015-5644
The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors...
Code injection
The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors...
Code injection
The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors...
CVE-2015-5643
The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors...
CVE-2015-5644
The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors...
JVN#08535069: MATCHA SNS vulnerable to code injection
MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains a code injection CWE-94 vulnerability due to a flaw when configuring the database during installation. Impact An unauthenticated attacker who can execute the installer may execute arbitrary PHP code on the server where...