889 matches found
CVE-2025-48709
CVE-2025-48709 affects BMC Control-M/Server 9.0.21.300, where credentials are stored in cleartext and exposed via process lists and logs. The root cause is the control path when a database connection is active: Control-M/Server runs DBUStatus.exe, which invokes dbu_connection_details.vbs with the...
U.S. Dept Of Defense: Exposed wp-config.php file
A copy of the WordPress configuration file wp-config.php was found at an endpoint. The file contained sensitive information, such as MySQL and AWS credentials, and various keys...
CVE-2025-53509
A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase. This issue requires an authenticated attacker with at least user-level privileges. An input parameter can be used directly in a command without proper sanitization, allowing arbitra...
CVE-2025-52459
A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet.backupDatabase. This issue requires an authenticated attacker with at least user-level privileges. Certain parameters can be used directly in a command without proper sanitization, allowing arbitrary...
Advantech iView Parameter Injection Vulnerability
Advantech iView is SNMP (Simple Network Management Protocol) based software from Advantech, China, used to manage B+B SmartWorx devices. The parameter injection vulnerability in the Advantech iView NetworkServlet.backupDatabase function can be exploited by an attacker to cause information disclosure, including sensiti...
CVE-2025-53509 Advantech iView Argument Injection
A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase. This issue requires an authenticated attacker with at least user-level privileges. An input parameter can be used directly in a command without proper sanitization, allowing arbitra...
CVE-2025-52459 Advantech iView Argument Injection
A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet.backupDatabase. This issue requires an authenticated attacker with at least user-level privileges. Certain parameters can be used directly in a command without proper sanitization, allowing arbitrary...
Advantech iView Parameter Injection Vulnerability
Advantech iView is SNMP (Simple Network Management Protocol) based software from Advantech, China, used to manage B+B SmartWorx devices. A parameter injection vulnerability exists in Advantech iView, which originates from parameter injection in the NetworkServlet.restoreDatabase function and can be exploited by...
CVE-2025-1709
Several credentials for the local PostgreSQL database are stored in plain text, partially base64 encoded...
PT-2025-27772
Name of the Vulnerable Software and Affected Versions: PostgreSQL (affected versions not specified). Description: The issue involves several credentials for the local PostgreSQL database being stored in plain text, with some partially base64 encoded. Recommendations: At the moment, there is no...
CVE-2025-34031
A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the file_get_contents function without proper validation, allowing attackers to read arbitrary files from the server's filesystem ...
Exploit for CVE-2025-49132
CVE-2025-49132 Pterodactyl is a free, open-source game server...
PT-2025-29187 · Advantech · Advantech Iview
Name of the Vulnerable Software and Affected Versions: Advantech iView (affected versions not specified). Description: A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase function. An authenticated attacker with user-level privileges can...
Vulnerabilities fixed in Ivanti Workspace Control
Ivanti has fixed vulnerabilities in Ivanti Workspace Control, specifically in versions prior to 10.19.10.0. The vulnerabilities stem from hard-coded keys within Ivanti Workspace Control. These vulnerabilities allow local, authenticated attackers to...
Ivanti Workspace Control Security Vulnerability
Ivanti Workspace Control is a suite of workspace control software from Ivanti USA. The software includes features such as user management, application management and report management. A security vulnerability exists in Ivanti Workspace Control versions prior to 10.19.10.0, which stems from a...
Ivanti Workspace Control Security Vulnerability
Ivanti Workspace Control is a suite of workspace control software from Ivanti USA. The software includes features such as user management, application management and report management. A security vulnerability exists in Ivanti Workspace Control prior to version 10.19.0.0, which stems from a...
CVE-2025-1499
IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user...
CVE-2024-29291
An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, but needs to set the...