889 matches found
Dell EMC ESRS Virtual Edition Plaintext Password Storage Vulnerability
Dell EMC ESRS is a secure storage product from Dell. A plaintext password storage vulnerability exists in Dell EMC ESRS Virtual Edition that originates when database credentials are stored in plaintext in a configuration file. An authenticated, malicious user with access to the configuration file...
Old WordPress Plugin Being Exploited in RCE Attacks
Researchers are warning that attackers are abusing a vulnerability in WordPress site admins’ outdated versions of a migration plugin called Duplicator – allowing them to execute remote code. Made by Snap Creek Software, all Duplicator plugins earlier than version 1.2.42 are vulnerable to the...
Joomanager Component Information Disclosure Vulnerabilities
Joomla! is an open source content management system (CMS) developed by the U.S. Open Source Matters team; the system provides RSS feeds, site search and other features. Joomanager is one of its site advertising modules. An information disclosure vulnerability exists in the Joomanager...
CVE-2017-18345
The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=comjoomanager&controller=details&task=download&path=configuration.php request...
CVE-2018-15808
POSIM EVO 15.13 for Windows stores hardcoded credentials for the root database user. This could give an attacker with network access to the POSIM EVO database the ability to access/modify data and potentially remotely execute code on POSIM EVO clients. Multiple sources document hardcoded credenti...
Online Trade 1 Information Disclosure
Exploit Title: Online Trade 1 - Information Disclosure Exploit Author: Dhamotharan Date: 2018-07-17 Vendor Homepage: https://codecanyon.net/item/online-trade-online-forex-and-cryptocurrency-investment-system/21987193?srank=14 CVE : CVE-2018-14328 Version: 1 Tested on: Kali Linux Description :...
SS-2018-018: Database credentials disclosure during connection failure
More info at https://www.silverstripe.org/download/security-releases/ss-2018-018/...
Red Hat oVirt ovirt-engine Information Disclosure Vulnerability
Red Hat oVirt is an open source virtualization management platform from Red Hat, an open source version of RHEV Platform for Enterprise Virtualization, consisting of the oVirt-node client and the ovirt-engine management side. oVirt-engine is one of the management engines. An information disclosur...
Online Trade - Information Disclosure
Online Trade - Information Disclosure Exploit Title: Online Trade 1 - Information Disclosure Date: 2018-07-03 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/online-trade-online-forex-and-cryptocurrency-investment-system/21987193?srank=14 CVE: CVE-2018-12908 Version: 1 Tested on...
Online Trade - Information Disclosure Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Trade 1 - Information Disclosure Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/online-trade-online-forex-and-cryptocurrency-investment-system/21987193?srank=14 CVE: CVE-2018-12908 Version: 1 Tested on:...
Online Trade - Information Disclosure
Exploit Title: Online Trade 1 - Information Disclosure Date: 2018-07-03 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/online-trade-online-forex-and-cryptocurrency-investment-system/21987193?srank=14 CVE: CVE-2018-12908 Version: 1 Tested on: Win 10...
Design/Logic Flaw
Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for the /dashboard/deposit URI, as demonstrated by discovering database credentials...
CVE-2018-12908
Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for the /dashboard/deposit URI, as demonstrated by discovering database credentials...
CVE-2018-12908
CVE-2018-12908 affects Brynamics “Online Trade” system. Connected documents describe an information-disclosure vulnerability where remote attackers can obtain sensitive data by directly requesting several dashboard endpoints, notably /dashboard/deposit (and related paths such as /dashboard/addpla...
ovirt-engine-setup: unfiltered db password in engine-backup log
A flaw was found in ovirt-engine. When engine-backup was run with one of the options "--provisiondb", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords...
CVE-2018-1072
A flaw was found in ovirt-engine. When engine-backup was run with one of the options "--provisiondb", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords...
PvPGN Stats SQL Injection Vulnerability (CNVD-2018-14337)
PvPGN Stats is a PHP-based tool that supports the integration of websites with the PvPGN game server, displaying server status, ladder pages, and more. A SQL injection vulnerability exists in the ladder/stats.php file in PvPGN Stats version 2.4.6, which stems from the program failing to filter...
PvPGN Stats SQL Injection Vulnerability
PvPGN Stats is a PHP-based tool that supports the integration of websites with the PvPGN game server, displaying server status, ladder pages, and more. A SQL injection vulnerability exists in the ladder/stats.php file in PvPGN Stats version 2.4.6, which stems from the program failing to filter...
CVE-2018-11413
An issue was discovered in BearAdmin 0.5. Remote attackers can download arbitrary files via /admin/databack/download.html?name= directory traversal sequences, as demonstrated by name=../application/database.php to read the MySQL credentials in the configuration...