18 matches found
CVE-2021-47931 Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication
Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...
CVE-2021-35484
Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic for the View Campaign page via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive...
CVE-2020-36939 Cassandra Web 0.5.0 - Remote File Read
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache...
EUVD-2018-3123
Malware in sbrugna...
EUVD-2015-5912
Malware in sbrugna...
EUVD-2011-1655
Malware in sbrugna...
EUVD-2025-25429
Malicious code in bioql PyPI...
CVE-2025-8895 WP Webhooks <= 3.3.5 - Unauthenticated Arbitrary File Copy
The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing validation of user-supplied input in all versions up to, and including, 3.3.5. This makes it possible for unauthenticated attackers to copy arbitrary files on the affected site's server to arbitrary locations...
CVE-2025-55169
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/downloadremessa.php endpoint. This vulnerability could allow an attacker to...
CVE-2025-48709
CVE-2025-48709 affects BMC Control-M/Server 9.0.21.300, where credentials are stored in cleartext and exposed via process lists and logs. The root cause is the control path when a database connection is active: Control-M/Server runs DBUStatus.exe, which invokes dbu_connection_details.vbs with the...
CVE-2024-1102 Jberet: jberet-core logging database credentials
A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection...
SolarWinds Orion Platform < 2020.2.4 Multiple Vulnerabilities
According to its self-reported version number, the version of SolarWinds Orion Platform is prior to 2020.2.4. It is, therefore, affected by multiple vulnerabilities: - The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions ...
CVE-2020-5406
VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with...
CVE-2017-18345
The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request...
Design/Logic Flaw
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and DbPass fields in an XML document...
TorrentFlux 2.2 Database Credentials Exposure Exploit
No description provided by source. Description: TorrentFlux fails to sanitise the variable "alias" in downloaddetails.php. This allows an attacker to include any file they want; the contents are displayed in the spaces provided and the remaining data is displayed as error messages on the page...
CVE-2002-1886
TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password...
CGIscript.net - csNews.cgi - Multiple Vulnerabilities
Date: June 11, 2002; Product: csNews.cgi csNews standard csNews.cgi csNews Pro; Vendor: WWW.CGIscript.NET, LLC.; Homepage: http://www.cgiscript.net/; DISCUSSION:...