889 matches found
CVE-2023-6375
Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials...
CVE-2023-6375
Tyler Technologies Magistrate Court Case Management Plus stores backups insecurely, enabling remote, unauthenticated access. Backups may expose sensitive data, including database credentials. Root cause: insufficient access controls for backup locations. Impact: confidentiality risk; no exploitat...
PT-2023-32632 · Tyler Technologies · Tyler Technologies Court Case Management Plus
Name of the Vulnerable Software and Affected Versions: Tyler Technologies Court Case Management Plus (affected versions not specified). Description: The issue concerns insufficient permission checks, allowing unauthorized access to sensitive information. Specifically, backups may be stored in a...
Information Disclosure
Apache DolphinScheduler is vulnerable to Information Disclosure. The vulnerability is due to insecure application exposure configuration, which allows an unauthenticated attacker to steal sensitive information such as database credentials...
GHSA-4VVC-R4P4-QGRR Apache DolphinScheduler sensitive information disclosure
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can't upgrade to the fixed version can also set environment variable...
Apache DolphinScheduler sensitive information disclosure
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can't upgrade to the fixed version can also set environment variable...
CVE-2023-48796
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can't upgrade to the fixed version can also set environment variable...
Code injection
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can't upgrade to the fixed version can also set environment variable...
CVE-2023-48796 Apache DolphinScheduler sensitive information disclosure
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can't upgrade to the fixed version can also set environment variable...
CVE-2023-48796
CVE-2023-48796 affects Apache DolphinScheduler (3.0.0–3.0.1). Root cause: exposure of sensitive information to unauthorized actors through web exposure of the management endpoints, enabling leakage such as database credentials. Impact per sources: unauthorized access to sensitive data; high CVSS appears...
Apache DolphinScheduler Information Disclosure Vulnerability
Apache DolphinScheduler is a distributed DAG visualization-based workflow task scheduling system from the Apache USA Foundation. An information disclosure vulnerability exists in Apache DolphinScheduler version 3.0.0 through versions prior to 3.0.2. An attacker could exploit the vulnerability to...
Information Disclosure
WordPress is vulnerable to Information Disclosure. This vulnerability allows an attacker to exploit a flaw in the way that WordPress handles certain HTTP requests to expose sensitive information, such as user passwords and database credentials...
CVE-2023-26573
Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials...
CVE-2023-26573 Missing Authentication In IDAttend’s IDWeb Application
Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials...
PT-2023-20739 · Idweb · Idweb
Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier. Description: The issue concerns missing authentication in the SetDB method, which can lead to denial of service or theft of database login credentials. Recommendations: For versions 3.1.052 and...
CVE-2023-42454 SQLpage vulnerable to public exposure of database credentials
SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database connection string specified in the sqlpage/sqlpage.json configuration file (not in an environment variable), with the webroot being the current working...
CVE-2023-4588
File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup...
CVE-2023-4588 File accessibility vulnerability in Delinea Secret Server
File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup...