889 matches found
RubyGems xaviershay-dm-rails 'storage.rb' MySQL Information Disclosure Vulnerability
RubyGems xaviershay-dm-rails is a Ruby application. A security vulnerability in 'storage.rb' of RubyGems xaviershay-dm-rails allows remote attackers to obtain sensitive MySQL authentication credentials...
MantisBT 1.2.x < 1.2.19 Multiple Vulnerabilities
MantisBT 1.1.x < 1.2.18 Multiple Vulnerabilities
MantisBT Improper Access Control Vulnerability
MantisBT is a Web-based open source defect tracking system of the MantisBT team. The system provides project management and defect tracking services in the form of Web operations. A security vulnerability exists in MantisBT versions 1.2.18 and earlier and 1.3.0-beta.1, which stems from the progr...
CVE-2014-9572
MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4...
Code injection
MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4...
CVE-2014-9572
MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4...
CVE-2014-9572
CVE-2014-9572 affects MantisBT versions prior to 1.2.19 and 1.3.x prior to 1.3.0-beta.2. The issue is improper access restriction on the file path /*/install.php, allowing remote attackers to obtain database credentials via the install parameter with the value 4. This is a credential disclosure d...
WordPress Slider Revolution Plugin Local File Inclusion (CVE-2014-9734; CVE-2015-1579)
An information disclosure vulnerability has been reported in WordPress Slider Revolution Plugin. Successful exploitation of this vulnerability could allow a remote attacker to download local files, and may lead to disclosure of database credentials...
Google Blacklists Sites Peddling SoakSoak Malware
UPDATE Google blacklisted more than 10,000 different websites over the weekend that it spotted doling out SoakSoak malware, but experts claim the number of impacted sites may ultimately be ten times that figure. Up to 100,000 sites hosted on WordPress may be vulnerable to a campaign known as...
CVE-2014-9279
The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname parameter and reading the parameters in the response sent to the URL...
CVE-2014-9279
The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname parameter and reading the parameters in the response sent to the URL...
CVE-2014-9279
CVE-2014-9279 affects MantisBT 1.1.0a3 through 1.2.x before 1.2.18; the print_test_result function in admin/upgrade_unattended.php can reveal database credentials by including a hostname URL parameter and echoing parameters in the response, enabling remote information disclosure. The issue is add...
Multiple vulnerabilities in MantisBT
High-Tech Bridge Security Research Lab has discovered multiple vulnerabilities in MantisBT, which can be exploited to perform Cross-Site Scripting (XSS) and SQL injection attacks. Improper access control vulnerability discloses database's credentials (login and password) in plaintext. 1) Cross-Site...
BMC Track-It! - Multiple Vulnerabilities
Multiple critical vulnerabilities in BMC Track-It! Discovered by Pedro Ribeiro, Agile Information Security. The application exposes several .NET remoting services on port 9010. .NET remoting is a RMI...
Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities
Exploit Title: Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities Google Dork: intitle:"Powered by Pro Chat Rooms" Date: 5 August 2014 Exploit Author: Mike Manzotti @ Dionach Ltd Vendor Homepage: http://prochatrooms.com Software Link: http://prochatrooms.com/software.php Version: v8.2.0 Tested on:...
CVE-2013-5433
The Data Growth Solution for JD Edwards EnterpriseOne in IBM InfoSphere Optim 3.0 through 9.1 has hardcoded database credentials, which allows remote authenticated users to obtain sensitive information by reading an unspecified field in an XML document...
CVE-2014-4031
The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credentials via unspecified vectors...
Design/Logic Flaw
The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credentials via unspecified vectors...
CVE-2014-4031
The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credentials via unspecified vectors...