889 matches found
CVE-2021-39458
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to alter the files of a valid file backup. This leads to leaking the database credentials in the environment variables...
Code injection
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to alter the files of a valid file backup. This leads to leaking the database credentials in the environment variables...
CVE-2021-39458
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to alter the files of a valid file backup. This leads to leaking the database credentials in the environment variables...
CVE-2021-39458
The CVE-2021-39458 issue affects Yakamara Media Redaxo CMS 5.12.1, where an authenticated CMS user can trigger an error in the import process to swap files from a valid backup. This leads to leakage of database credentials stored in environment variables. The available connected documents confirm...
Yakamara Media Redaxo CMS Security Vulnerability
Yakamara Media Redaxo CMS is an open source web portal content management system from Yakamara Media. The system supports custom modules, plugin extensions, project backups and more. A security vulnerability exists in Yakamara Media Redaxo CMS version 5.12.1, which originates fr...
Design/Logic Flaw
Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing CSB allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects:...
CVE-2021-35529 Password in Memory Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB)
Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing CSB allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects:...
CVE-2021-35193
Patterson Application Service in Patterson Eaglesoft 18 through 21 accepts the same certificate authentication across different customers' installations that have the same software version. This provides remote access to SQL database credentials. In the normal use of the product, retrieving those...
Octopus Server Security Vulnerability
Octopus Server is an automated deployment platform. Octopus Server is vulnerable to a plaintext storage of sensitive information, which stems from database passwords being written in plaintext to the OctopusServer.txt log file. No detailed vulnerability details are currently available...
Patreon WordPress Local File Disclosure Vulnerability
Patreon is a subscription-based crowdfunding platform and Patreon WordPress is a WordPress plugin for the platform. A local file disclosure vulnerability exists in Patreon WordPress versions prior to 1.7.0. An attacker can exploit the vulnerability to obtain internal files such as database...
CVE-2021-24227
The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials a...
CVE-2021-24227
The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials a...
Arbitrary file deletion
The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials a...
WordPress Information Disclosure Vulnerability
Patreon is a subscription-based crowdfunding platform and Patreon WordPress is a WordPress plugin for the platform. A local file disclosure vulnerability exists in Patreon WordPress versions prior to 1.7.0. An attacker can exploit the vulnerability to obtain internal files such as database...
GHSA-4HJQ-422Q-4VPX Mautic vulnerable to secret data exfiltration via symfony parameters
Impact: Symfony parameters, which is what Mautic transforms configuration parameters into, can be used within other Symfony parameters by design. However, this also means that an admin who is normally not privy to certain parameters, such as database credentials, could expose them by leveraging any ...
Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure
The Jetpack Scan team identified a Local File Disclosure vulnerability in the plugin that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in t...
Code injection
In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the applicatio...
CVE-2021-27124
SQL injection in the expertise parameter in searchresult.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack...
CVE-2021-27124
SQL injection in the expertise parameter in searchresult.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack...
Sql injection
SQL injection in the expertise parameter in searchresult.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack...