31 matches found
CVE-2019-25598
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to...
CVE-2026-25202
The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server. This issue affects MagicINFO 9 Server: less than 21.1090.1...
EUVD-2026-5093
The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server. This issue affects MagicINFO 9 Server: less than 21.1090.1...
PT-2026-5607
Name of the Vulnerable Software and Affected Versions: MagicINFO 9 Server versions prior to 21.1090.1. Description: The database account and password are hardcoded, which allows login with the account to manipulate the database. This compromises the integrity and confidentiality of the database...
CVE-2026-1221
PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to the database using hardcoded database credentials stored in the firmware...
PT-2025-52317
Name of the Vulnerable Software and Affected Versions: RockMongo version 1.1.7. Description: RockMongo 1.1.7 contains a stored cross-site scripting issue that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit this by submitting crafted...
WordPress External Login plugin SQL Injection Vulnerability
The WordPress External Login plugin is mainly used to integrate WordPress login functionality with an external database system, allowing users to log in to the site directly through an external account. WordPress External Login plugin is prone to SQL injection vulnerability, which is caused by...
Siemens TeleControl Server Basic
Summary: TeleControl Server Basic V3.1 contains an information disclosure vulnerability that could allow an unauthenticated remote attacker to obtain password hashes of users and to login to and perform authenticated operations of the database service. Siemens has released a new version for...
PT-2025-34857 · Cgm · Cgm Clininet
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: The configuration file containing database logins and passwords is readable by any local user. Recommendations: At the moment, there is no information about a...
CVE-2025-48709
BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentials and use them to log in to the database server. For example, when Control-M/Server on Windows has a database connection on,...
Authentication flaw
Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials...
CVE-2023-26573 Missing Authentication In IDAttend’s IDWeb Application
Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials...
PVS server cannot logon database with Error "The Login is from an Untrusted Domain and Cannot ..."
PVS server console cannot be launched with error: "The database login failed." SQL server log error: "Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication." "SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection...
CVE-2022-28110
Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page...
SolarWinds Orion Platform Access Control Error Vulnerability
SolarWinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices and supports a customizable web interface, multiple user opinions, and a mapped view of the entire network. An...
Solarwinds Orion Platform Trust Management Issue Vulnerability
SolarWinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices and supports a customizable web interface, multiple user opinions, and a mapped view of the entire network. An...
Security Bulletin: A security vulnerability has been identified in IBM Rational ClearQuest (CVE-2015-4996)
Summary: A vulnerability was discovered in IBM Rational ClearQuest that allows an attacker to obtain the database login credentials. Vulnerability Details: CVEID: CVE-2015-4996. DESCRIPTION: IBM ClearQuest could allow an attacker to trick it into connecting to a fake database server which would be...
WordPress Adminer 1.4.4 Interface Exposure Vulnerability
Exploit for php platform in category web applications. WordPress Adminer plugin allows public local database login. David Vaartjes, July 2016...