CVE-2014-4031

CVE-2014-4031 affects Aruba Networks ClearPass Policy Manager. Vulnerable versions include ClearPass 5.x, 6.0.x, 6.1.x up to 6.1.4.61696, 6.2.x up to 6.2.6.62196, and 6.3.x before 6.3.4. The issue allows remote authenticated users to obtain database credentials via unspecified vectors. Exploitati...

Design/Logic Flaw

RICOS in IBM Algo Credit Limits aka ACLM 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and DbPass fields in an XML document...

CVE-2014-0894

RICOS in IBM Algo Credit Limits aka ACLM 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and DbPass fields in an XML document...

CVE-2014-0894

Summary: CVE-2014-0894 affects IBM Algo Credit Limits (RICOS ACLM) versions 4.5.0–4.7.0. Affects ACLM Web GUI; root cause is disclosure of database credentials (DbUser/DbPass) in clear text within an XML document read by the GUI, enabling an attacker to connect to the backend database and manipul...

PHP-Nuke NSN Script Depository 1.0.0 - Remote Source Disclosure Vuln

No description provided by source. --------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | / \ \ | \ \ | | | \ | |/ \ | | // | || | ||| /| / /\ | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org...

NC GBook 1.0 - Remote Command injection Exploit

No description provided by source. -------------------------------------------------------------- NC GBook 1.0 Remote Command injection Exploit --------------------------------------------------------------- Founder :ThE g0bL!N Vendor:http://www.php-gaestebuch.com Thank You Very Much His0k4...

Oracle Demantra 12.2.1 - Database Credentials Disclosure

No description provided by source...

CA ERwin Web Portal ConfigServiceProvider Information Disclosure (CVE-2014-2210)

An information disclosure vulnerability exists in CA ERwin Web Portal. Upon executing a successful attack, the server will give access to XML files which normally should not be accessible to external users. This vulnerability is due to lack of authentication and insufficient input validation in t...

CVE-2014-3848

The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4wdbinfo parameter...

Design/Logic Flaw

The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4wdbinfo parameter...

CVE-2014-3848

CVE-2014-3848 affects the WordPress plugin iMember360 before version 3.9.001. The root cause is improper access restrictions that allow remote attackers to obtain database credentials through the i4w_dbinfo parameter. Reported impact is disclosure of database credentials; no exploitation details ...

WordPress iMember360 Plugin <= 3.9.001 - Disclosure of Database Credentials

Because of this vulnerability, the attackers can obtain database credentials via the "i4wdbinfo" parameter. Solution Update the plugin...

Wordpress iMember360 Plugin 3.8.012 - 3.9.001 - Multiple Vulnerabilities

Exploit for php platform in category web applications ------------ BACKGROUND ------------ "iMember360is a WordPress plugin that will turn a normal WordPress site into a full featured membership site. It includes all the protection controls you can imagine, yet driven by Infusionsoft's...

WordPress iMember360 Plugin 3.8.012 - 3.9.001 - Multiple Vulnerabilities

WordPress iMember360 plugin is prone to multiple vulnerabilities, such as XSS, arbitrary user deletion, arbitrary code execution and disclosure of database credentials vulnerabilities. Solution Upgrade the plugin...

WordPress Plugin iMember360 3.8.012 3.9.001 - Multiple Vulnerabilities

WordPress Plugin iMember360 3.8.012 3.9.001 - Multiple Vulnerabilities ------------ BACKGROUND ------------ "iMember360is a WordPress plugin that will turn a normal WordPress site into a full featured membership site. It includes all the protection controls you can imagine, yet driven by...

WordPress Plugin iMember360 3.8.012 &lt; 3.9.001 - Multiple Vulnerabilities

------------ BACKGROUND ------------ "iMember360is a WordPress plugin that will turn a normal WordPress site into a full featured membership site. It includes all the protection controls you can imagine, yet driven by Infusionsoft's second-to-none CRM and e-commerce engine." --...

WordPress iMember360is 3.9.001 XSS / Disclosure / Code Execution

------------ BACKGROUND ------------ "iMember360is a WordPress plugin that will turn a normal WordPress site into a full featured membership site. It includes all the protection controls you can imagine, yet driven by Infusionsoft's second-to-none CRM and e-commerce engine." --...

iMember360 < 3.9.001 - Multiple Issues

- Disclosure of database credentials - XSS Vulnerabilities - Arbitrary user deletion - Arbitrary code execution...

CA ERwin Web Portal MIMM ConfigServiceProvider Information Disclosure Vulnerability

This vulnerability allows remote attackers to read database credentials on a system with vulnerable installations of CA ERwin Web Portal's Meta Integration Metadata Management service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the "Meta...

CA ERwin Web Portal MIMM downloadScriptFile.do Information Disclosure Vulnerability

This vulnerability allows remote attackers to read nearly any system file, including database credentials, on a system with vulnerable installations of CA ERwin Web Portal's Meta Integration Metadata Management service. Authentication is not required to exploit this vulnerability. The specific fl...