889 matches found
CVE-2016-4401
Aruba ClearPass Policy Manager is affected by CVE-2016-4401. Affected versions are before 6.5.7 and 6.6.x before 6.6.2. The vulnerability allows attackers to obtain database credentials. No explicit root-cause, exploit details, or remediation steps are provided in the connected documents beyond t...
Anchor Information Disclosure Vulnerability
Anchor is an open source lightweight blogging system. The system supports a Markdown editor, custom fields, multiple languages and so on. An information disclosure vulnerability exists in the config/error.php file in Anchor version 0.12.3, which can be exploited to obtain database credentials with th...
Information Disclosure
ibmdb is vulnerable to information disclosure. The application prints the plaintext database credentials into log files while in debug mode. A local attacker will be able to access the log files and retrieve the credentials and gain access to the database...
Duplicator Pro 1.3.14 Local Information Disclosure
Product: Duplicator Pro Vendor: SnapCreek Website: https://snapcreek.com/ Discovered by: Evolution Hosting Version vulnerable: = 1.3.14 Fixed in: 1.3.15+ Vulnerability Type: Information Disclosure, local exposure of entire webinstallation content remotely triggerable: not for itself. Needs wp adm...
WordPress Advance Contact Form Plugin SQL Injection
An SQL injection vulnerability exists in WordPress Advance Contact Form Plugin. Successful exploitation of this vulnerability could lead to disclosure of database credentials...
WordPress Form Maker Plugin SQL Injection (CVE-2019-10866)
An SQL injection vulnerability exists in WordPress Form Maker Plugin. Successful exploitation of this vulnerability could lead to disclosure of database credentials...
Design/Logic Flaw
Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server...
CVE-2019-3947
Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server...
CVE-2019-3947
CVE-2019-3947 affects Fuji Electric V-Server prior to 6.0.33.0 where database credentials are stored in project files as plaintext. The underlying issue is the plaintext storage of credentials in project files, enabling an attacker who can access those files to recover the credentials and gain ac...
PT-2019-12182 · Tibco · Tibco Spotfire Statistics Services
Name of the Vulnerable Software and Affected Versions: TIBCO Spotfire Statistics Services versions up to and including 7.11.1 TIBCO Spotfire Statistics Services version 10.0.0 Description: The web interface component of TIBCO Spotfire Statistics Services contains an issue that could allow an...
CVE-2019-3891
It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching...
CVE-2019-3891
It was discovered that a world-readable log file, belonging to the Candlepin component of Red Hat Satellite 6.4, leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from...
CVE-2019-0285
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio, fixed in version 2010, discloses sensitive database information, including credentials, which can be misused by the attacker...
CVE-2019-0285
SAP Crystal Reports for Visual Studio contains a vulnerability in the .NET SDK WebForm Viewer where the viewer discloses sensitive database information, including credentials. The issue affects the WebForm Viewer component used by the SAP Crystal Reports for Visual Studio environment and is descr...
IDenticard PremiSys Default Database Credentials (CVE-2019-3909)
A default database username and password exist in the IDenticard PremiSys database. The vulnerability arises because users are unable to change these passwords without vendor intervention. A remote attacker can exploit this vulnerability to access the database with administrator privileges...
ThinkSNS V4.6 Session suffers from an information leakage vulnerability
ThinkSNS is an open source social system under Wise Software Beijing Co. ThinkSNS V4.6 Session suffers from an information disclosure vulnerability. Attackers can use this vulnerability to obtain sensitive information such as database username and password...
Design/Logic Flaw
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain...
CVE-2018-11079
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain...
CVE-2018-11079
CVE-2018-11079 affects Dell EMC Secure Remote Services (ESRS) prior to 3.32.00.08. The vulnerability is plaintext storage of database credentials in a configuration file, allowing an authenticated user with access to that file to obtain the password and gain access to the application database. Se...