889 matches found
CA ERwin Web Portal MIMM ProfileIconServlet Multiple Information Disclosure Vulnerabilities
This vulnerability allows remote attackers to read arbitrary files on a system with vulnerable installations of CA ERwin Web Portal's Meta Integration Metadata Management service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the "Meta Integration W...
Four Oracle Demantra Security Vulnerabilities Found
Oracle’s Demantra, part of the company’s Value Chain Planning suite of software, is fraught with vulnerabilities according to several bug disclosures issued over the weekend. Researchers at the London-based computer security firm Portcullis claim the application is plagued by four vulnerabiliti...
Oracle Demantra 12.2.1 Database Credential Leak
Vulnerability title: Database Credentials Leak in Oracle Demantra CVE: CVE-2013-5795 Vendor: Oracle Product: Demantra Affected version: 12.2.1 Fixed version: 12.2.3 Reported by: Oliver Gruskovnjak Details: Oracle Demantra version 12.2.1 has a backend function that allows anyone to retrieve the...
Oracle Demantra 12.2.1 - Database Credentials Disclosure
Oracle Demantra 12.2.1 - Database Credentials Disclosure Details: Demantra has a backend function that allows anyone to retrieve the database instance name and the corresponding credentials. Impact: A remote, unauthenticated attacker could exploit this issue in combination with other found issues...
Oracle Demantra 12.2.1 - Database Credentials Disclosure
Details: Demantra has a backend function that allows anyone to retrieve the database instance name and the corresponding credentials. Impact: A remote, unauthenticated attacker could exploit this issue in combination with other found issues, to extract the database credentials and instance name...
CVE-2012-0263
monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to...
Nagios Looking Glass Addon for Nagios server/s3_download.php File Disclosure
The Nagios Looking Glass Addon for Nagios installed on the remote host is affected by a file disclosure vulnerability. By sending a specially crafted request to the Addon's 'server/s3_download.php' script, a remote, unauthenticated attacker can leverage this vulnerability to obtain the contents of...
Henry Schein Dentrix G5 uses hard-coded database credentials shared across multiple installations
Overview: Henry Schein Dentrix G5, a dental practice management software suite, uses hard-coded database access credentials that are shared across multiple installation sites. An attacker who is able to obtain the credentials for one site may be able to gain access to other sites using the same...
CVE-2013-0284
Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data...
CVE-2013-0260
Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors...
CVE-2013-0260
CVE-2013-0260 refers to an information-disclosure vulnerability in the Drush Debian Packaging module for Drupal. The connected Drupal advisory (SA-CONTRIB-2013-014) states the module does not sufficiently protect database credentials, and exploitation requires shell access to the server. Affected...
CVE-2012-4976
selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sysassetid request, which is not properly handled during construction of an error page...
Design/Logic Flaw
selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sysassetid request, which is not properly handled during construction of an error page...
CVE-2012-4947
Agile FleetCommander and FleetCommander Kiosk before 4.08 store database credentials in cleartext, which allows remote attackers to obtain sensitive information via requests to unspecified pages...
Design/Logic Flaw
Agile FleetCommander and FleetCommander Kiosk before 4.08 store database credentials in cleartext, which allows remote attackers to obtain sensitive information via requests to unspecified pages...
CVE-2012-4947
CVE-2012-4947 affects Agile FleetCommander and FleetCommander Kiosk prior to 4.08, where database credentials are stored in cleartext. This information disclosure vulnerability allows remote attackers to obtain sensitive data via unspecified pages. The NVD entry confirms a medium severity (CVSS v...
CVE-2012-3153
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU...