889 matches found
Arbitrary File Read Vulnerability in Rice CMS
DAMI CMS is a free, open-source, fast and simple system for building integrated PC and mobile sites, committed to providing users with simple, fast PC and smartphone site-building solutions. A vulnerability exists in version 5.9.9 of DAMI CMS, which can be exploited by...
Razer US: Database credentials leak at http://drivers.razersupport.com/.bash_history
The researcher discovered that the .bash_history on this server had improper permissions, which allowed public viewing of the file. When a DB admin eventually executed a command involving clear text credentials for the database, this exposed the password for that database, a Kayako DB used for...
Debian: Security Advisory (DSA-4047-1)
The remote host is missing an update for the Debian...
Open Ticket Request System Agent Frontend Information Disclosure Vulnerability
Open Ticket Request System (OTRS) is an open source defect tracking and management system software from the German OTRS Group. The software categorizes service requests submitted through various channels such as phone calls, emails, etc. into different queues and service levels, and service personn...
DEBIAN-CVE-2017-15864
In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password...
UBUNTU-CVE-2017-15864
In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password...
Updated roundcubemail packages fix security vulnerability
It was discovered that roundcubemail contained a zero-day file disclosure vulnerability caused by insufficient input validation, which was currently being exploited by hackers to read roundcube's configuration files and steal its database credentials (CVE-2017-16651)...
TPshop open source mall system information leakage vulnerability
The TPshop open-source mall system (Thinkphp shop for short) is a multi-merchant mall system developed by Shenzhen Soleil Networks Ltd. An information leakage vulnerability exists in the TPshop mall system. The vulnerability arises because the system reports an error by throwing an...
newrelic_rpm Gem Discloses Sensitive Information
Ruby agent 3.2.0 through 3.5.3.23 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data...
Arbitrary file download vulnerability in EasyAdmin /application/index/controller/index.php page
EasyAdmin is a free and open source community program based on the LayUI template, with a ThinkPHP5 framework for backend support. An arbitrary file download vulnerability exists in the EasyAdmin /application/index/controller/index.php page. An attacker can download system configuration files by...
Database Password Disclosure Vulnerability in Bycms comment-add and Comment.php Methods
Bycms (Beyuncms) is a content management system based on thinkphp 5.0.9. A database password disclosure vulnerability exists in the Bycms comment-add and Comment.php methods. An attacker can exploit this vulnerability to obtain the database connection account and password...
Schneider Electric Ampla MES Information Disclosure Vulnerability
Ampla Manufacturing Execution System (MES) is a manufacturing execution system from Schneider Electric, France, for on-site production management in production plants and factories. An information disclosure vulnerability exists in the Schneider Electric Ampla MES, which provides the ability to...
CVE-2017-9771
install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter...
SQL injection vulnerabilities in the sort parameter of the NIUSHOP open source mall system
The NiuShop open source mall system is a PHP open source e-commerce system independently designed and developed by Shanxi Niu Cool Information Technology Co., Ltd. A SQL injection vulnerability exists in the sort parameter of the NIUSHOP open source mall system. As the commodity price...
Plaintext Credentials Logged
presto-main logs plaintext database credentials on startup. It loads the credentials stored in a properties file and logs them to a world-readable file, server.log...
Oracle OPERA Multiple Vulnerabilities
Oracle OPERA is prone to multiple vulnerabilities...
PT-2016-7433 · Moodle · Moodle
Name of the Vulnerable Software and Affected Versions: Moodle version 3.1.2 Description: The issue allows remote attackers to obtain sensitive information via unspecified vectors, related to a SQL Injection issue affecting the Administration panel function in the installation process component. T...
CVE-2016-6434
Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370...
Drupal Sensitive Core Files Information Disclosure (CVE-2016-7572)
An information disclosure vulnerability exists in Drupal Core. Successful exploitation of this vulnerability could allow a remote attacker to download local files, and may lead to disclosure of database credentials...