
889 matches found

Tenable Nessus
added 2022/10/04 12:0 a.m. | 11 views

Drupal 9.3.x < 9.3.22 Third-Party Library Vulnerability

According to its self-reported version, the instance of Drupal running on the remote web server is 9.3.x prior to 9.3.22 or 9.4.x prior to 9.4.7. Drupal uses the Twig third-party library for content templating and sanitization. Multiple vulnerabilities are possible if an untrusted user has access...

CVSS 7.5 | AI score 7.4 | EPSS 0.01488
Exploits: 0 | References: 4
Drupal
added 2022/09/28 12:0 a.m. | 51 views

Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2022-016

Drupal uses the Twig third-party library for content templating and sanitization. Twig has released a security update that affects Drupal. Twig has rated the vulnerability as high severity. Drupal core's code extending Twig has also been updated to mitigate a related vulnerability. Multiple...

CVSS 7.5 | AI score 1.7 | EPSS 0.01488
Exploits: 0 | References: 21
NVD
added 2022/08/30 5:15 a.m. | 7 views

CVE-2022-38116

Le-yan Personnel and Salary Management System has hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service...

CVSS 9.8 | EPSS 0.00948
Exploits: 0 | References: 1
Prion
added 2022/08/30 5:15 a.m. | 17 views

Hardcoded credentials

Le-yan Personnel and Salary Management System has hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service...

CVSS 7.5 | AI score 9.6 | EPSS 0.00948
Exploits: 0 | References: 1 | Affected Software: 1
ATTACKERKB
added 2022/08/30 4:4 a.m. | 1 views

CVE-2022-38116

Le-yan Personnel and Salary Management System has hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service...

CVSS 9.8 | AI score 7.5 | EPSS 0.00948
Exploits: 0 | References: 2
CNNVD
added 2022/08/30 12:0 a.m. | 1 views

Le-yan Personnel and Salary Management System Trust Management Issue Vulnerability

Le-yan Personnel and Salary Management System is a personnel and salary management system from Le-yan, a Chinese company. A security vulnerability exists in the Le-yan Personnel and Salary Management System, which originates from having hard-coded database accounts and passwords in the site sourc...

CVSS 9.8 | AI score 6.7 | EPSS 0.00948
Exploits: 0 | References: 2
OSV
added 2022/08/23 2:15 a.m. | 1 views

CVE-2020-35992

Fiserv Prologue through 2020-12-16 does not properly protect the database password. If an attacker were to gain access to the configuration file specifically, the LogPassword attribute within appconfig.ini, they would be able to decrypt the password stored within the configuration file. This woul...

CVSS 6.5 | AI score 5.8 | EPSS 0.00586
Exploits: 0 | References: 2
ATTACKERKB
added 2022/08/04 10:15 a.m. | 1 views

CVE-2022-2653

With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file i...

CVSS 7.1 | AI score 6.8 | EPSS 0.00785
Exploits: 1 | References: 3
NVD
added 2022/08/04 10:15 a.m. | 11 views

CVE-2022-2653

With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file i...

CVSS 7.1 | EPSS 0.00785
Exploits: 1 | References: 2
Prion
added 2022/08/04 10:15 a.m. | 16 views

Design/Logic Flaw

With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file i...

CVSS 4 | AI score 6.3 | EPSS 0.00785
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2022/08/04 9:35 a.m. | 18 views

CVE-2022-2653 Path Traversal in plankanban/planka

With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file i...

CVSS 7.1 | AI score 6.5 | EPSS 0.00785
Exploits: 1 | References: 2
CVE
added 2022/08/04 9:35 a.m. | 71 views

CVE-2022-2653

The CVE-2022-2653 entry maps to a path traversal vulnerability in plankanban/planka (planka) that enables an attacker to read sensitive files such as configuration files and /proc/self/environ when the web server runs as root. Affected component is the web-accessible endpoint that uses a filename...

CVSS 7.1 | AI score 6.4 | EPSS 0.00785
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2022/08/04 9:35 a.m. | 17 views

CVE-2022-2653 Path Traversal in plankanban/planka

With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file i...

CVSS 7.1 | AI score 6.7 | EPSS 0.00785
Exploits: 1 | References: 4
Tenable Nessus
added 2022/08/04 12:0 a.m. | 59 views

GLSA-202208-05 : Icinga Web 2: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202208-05 Icinga Web 2: Multiple Vulnerabilities - Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process...

CVSS 8.8 | AI score 7.1 | EPSS 0.89378
Exploits: 14 | References: 7
CNVD
added 2022/05/31 12:0 a.m. | 14 views

Automotive Shop Management System SQL Injection Vulnerability

Automotive Shop Management System is an automotive shop management system. Version 1.0 of Automotive Shop Management System contains a security vulnerability that could be exploited to dump all database credentials and gain administrator access...

CVSS 10 | AI score 4.6 | EPSS 0.02069
Exploits: 1 | Affected Software: 1
CNVD
added 2022/05/30 12:0 a.m. | 18 views

Sourcecodesterk Doctor Appointment System SQL Injection Vulnerability

Sourcecodesterk Doctor Appointment System is an open source application from Sourcecodesterk that provides an appointment function. Sourcecodesterk Doctor Appointment System version 1.0 contains a SQL injection vulnerability, which stems from the program not adequately filtering the searchresult.ph...

CVSS 6.5 | AI score 3.1 | EPSS 0.05721
Exploits: 1 | References: 1
ICS
added 2022/05/10 12:0 a.m. | 27 views

Adminer in Industrial Products

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Adminer Equipment: Adminer Vulnerability: Files or Directories Accessible to External Parties 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...

CVSS 7.5 | AI score 7.8 | EPSS 0.13049
Exploits: 4 | References: 5
OSV
added 2022/04/21 7:15 p.m. | 2 views

CVE-2022-20732

A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager VIM could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain...

CVSS 7.8 | AI score 7.3 | EPSS 0.00201
Exploits: 0 | References: 1
Prion
added 2022/04/21 7:15 p.m. | 17 views

Improper access control

A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager VIM could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain...

CVSS 4.6 | AI score 7.2 | EPSS 0.00201
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2022/04/21 6:55 p.m. | 20 views

CVE-2022-20732 Cisco Virtualized Infrastructure Manager Privilege Escalation Vulnerability

A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager VIM could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain...

CVSS 7.8 | AI score 7.5 | EPSS 0.00201
Exploits: 0 | References: 1