OpenGnsys Information Disclosure Vulnerability
OpenGnsys is an open source computing device management software from the Spanish OpenGnsys project. An information disclosure vulnerability exists in OpenGnsys version 1.1.1d Espeto, which stems from the presence of an information exposure vulnerability that allows an attacker to view a php back...
PT-2024-27275 · Opengnsys · Opengnsys
Name of the Vulnerable Software and Affected Versions: OpenGnsys version 1.1.1d Espeto Description: The issue allows an attacker to view a php backup file, specifically controlaccess.php-LAST, where database credentials are stored. This is an information exposure vulnerability. Recommendations: F...
CVE-2024-3165
System-Maintenance-Log Files in the dotCMS dashboard provides the username/password for database connections in the log output. Nevertheless, this is a moderate issue, as it requires a backend admin and the databases are locked down by environment. OWASP Top 10 - A05 Insecure Design OWASP Top...
PT-2024-24175 · Dotcms · Dotcms
Name of the Vulnerable Software and Affected Versions: dotCMS affected versions not specified Description: The issue is related to the System-Maintenance- Log Files in the dotCMS dashboard, which is providing the username/password for database connections in the log output. This is considered a...
DotCMS Security Vulnerability
DotCMS is an open source content management system written in Java by DotCMS, Inc. for managing content and content-driven sites and applications. A security vulnerability exists in DotCMS that originates in the log files that provide usernames and passwords for database connections...
CVE-2023-50894
In Janitza GridVis through 9.0.66, use of hard-coded credentials in the de.janitza.pasw.feature.impl.activators.PasswordEncryption password encryption function allows remote authenticated administrative users to discover cleartext database credentials contained in error report information...
CVE-2024-25649
In Delinea PAM Secret Server 11.4, it is possible for an attacker with Administrator access to the Secret Server machine to read the following data from a memory dump: the decrypted master key, database credentials when SQL Server Authentication is enabled, the encryption key of RabbitMQ queue...
PT-2024-21064
Name of the Vulnerable Software and Affected Versions: Delinea PAM Secret Server version 11.4 Description: The issue allows an attacker with Administrator access to the Secret Server machine to read sensitive data from a memory dump, including the decrypted master key, database credentials when SQL...
CVE-2024-1302
Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file obtaining all sensitive information such as database credentials...
Information disclosure
Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file obtaining all sensitive information such as database credentials...
CVE-2024-1302 Multiple Vulnerabilities in Badger Meter's Monitool
Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file obtaining all sensitive information such as database credentials...
PT-2024-17878 · Badger Meter · Badger Meter Monitool
Name of the Vulnerable Software and Affected Versions: Badger Meter Monitool versions up to 4.6.3 and earlier Description: The issue allows a local attacker to change the application's file parameter to a log file, obtaining sensitive information such as database credentials. Recommendations: For...
Mozilla: two AWS access keys and secret keys and database username and password exposed
A security vulnerability was identified in a Docker image hosted on Docker Hub. The image, associated with Mozilla's Common Voice project, was found to contain exposed AWS access keys, AWS secret keys, and database credentials. These sensitive credentials were discovered within the file...
Mars: sensitive data-creds for database - private key
The sensitive database credentials, including a username, password, and a private key, were discovered in a publicly accessible GitHub repository. The credentials were stored in plaintext within a configuration file, exposing them to anyone who could access the repository...
CVE-2024-1344
Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability allows an attacker to read and extract the username and password from the database of 'LOFservice.exe' and 'LaborOfficeFree.exe' located in the '%programfilesx86%\LaborOfficeFree' directory. This user ca...
CVE-2024-1344 Encrypted database credentials in LaborOfficeFree
Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability allows an attacker to read and extract the username and password from the database of 'LOFservice.exe' and 'LaborOfficeFree.exe' located in the '%programfilesx86%\LaborOfficeFree' directory. This user ca...