907 matches found
CVE-2020-15099
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing vulnerability or in case t...
CVE-2024-6297
Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...
Gogs allows argument Injection when tagging new releases
Impact Unprivileged user accounts with at least one SSH key can read arbitrary files on the system. For instance, they could leak the configuration files that could contain database credentials database and security SECRETKEY. Attackers could also exfiltrate TLS certificates, other users'...
GHSA-M27M-H5GJ-WWMG Gogs allows argument Injection when tagging new releases
Impact Unprivileged user accounts with at least one SSH key can read arbitrary files on the system. For instance, they could leak the configuration files that could contain database credentials database and security SECRETKEY. Attackers could also exfiltrate TLS certificates, other users'...
Database Credentials Exposure
thorsten/phpmyfaq is vulnerable to Database Credentials Exposure. The vulnerability is due to improper error handling, which allows an attacker to obtain the database server's credentials when the connection to the database fails...
GHSA-VRJR-P3XP-XX2X phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available
Summary Exposure of database ie postgreSQL server's credential when connection to DB fails. Details Exposed database credentials upon misconfig/DoS @ permalink: https://github.com/thorsten/phpMyFAQ/blob/main/phpmyfaq/src/phpMyFAQ/Setup/Installer.phpL694 PoC When postgreSQL server is unreachable, ...
CVE-2024-54141
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database ie postgreSQL server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0...
CVE-2024-54141
phpMyFAQ prior to 4.0.0 is vulnerable to proper error handling that exposes the database server credentials when a DB connection fails. This affects the phpMyFAQ software (PHP 8.1+ with MySQL/PostgreSQL and other databases) and can allow an attacker to obtain credentials from error messages, pote...
CVE-2024-54141 phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database ie postgreSQL server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0...
phpMyFAQ 安全漏洞
phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ versions prior to 4.0.0, which stems from exposing the database server credentials when a connection to the DB fails...
Versa Networks Versa Director insecure default PostgreSQL configuration
RISK EVALUATION Versa Networks Versa Director, by default, configures PostgreSQL to listen on all network interfaces using database credentials shared by multiple installations. From Advising Vulnerability In Versa Director: "This combination allows an unauthenticated attacker to access and...
Oracle Demantra Database Credentials Leak
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Demantra Database Credentials Leak', 'Description' = %q This module exploits a database credentials leak found in Oracle Demantra 12.2.1 i...
CVE-2024-38885
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform unauthorized access using known operating system credentials due to hardcoded SQL user credentials in the client application...
PT-2024-15291 · Yugabyte · Yugabyte Platform
Name of the Vulnerable Software and Affected Versions: Yugabyte Platform affected versions not specified Description: The issue concerns information exposure in the logging system, allowing local attackers with access to application logs to obtain database user credentials in log files. This coul...
CVE-2024-6297 Several WordPress.org Plugins <= Various Versions - Injected Backdoor
Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...
CVE-2024-6297
CVE-2024-6297 refers to multiple WordPress plugins where the plugin source code was compromised, injecting backdoors that exfiltrate database credentials and can create new administrator users. Public disclosures from Red Hat and Wordfence confirm a high‑risk, internal compromise affecting severa...
WordPress Plugin Several WordPress.org Security Vulnerabilities
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
jberet: jberet-core logging database credentials
A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection...
jberet: jberet-core logging database credentials
A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection...
jberet: jberet-core logging database credentials
A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection...