Lucene search
K

318 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 6:34 a.m.14 views

CVE-2024-12900

A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file /install/installdb.php of the component Configuration File Handler. The manipulation of the argument database password leads to code injection. It is possible to launch the attac...

9.8CVSS7AI score0.00696EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:21 a.m.5 views

CVE-2023-34097

hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is exposed in the logs when showing the database connection string. Attackers with access to read system logs will be able to elevate privilege with full access to the database. Users are...

8.8CVSS7AI score0.0068EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:43 p.m.11 views

CVE-2021-31816

When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext...

7.5CVSS7.7AI score0.00858EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:6 p.m.7 views

CVE-2020-35992

Fiserv Prologue through 2020-12-16 does not properly protect the database password. If an attacker were to gain access to the configuration file specifically, the LogPassword attribute within appconfig.ini, they would be able to decrypt the password stored within the configuration file. This woul...

6.5CVSS7.2AI score0.00608EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:26 a.m.5 views

CVE-2010-3244

BbtsConnectionEdit.exe in Blackboard Transact Suite formerly Blackboard Commerce Suite before 3.6.0.2 relies on field names when determining whether it is appropriate to decrypt a connection.xml field value, which allows local users to discover the database password via a modified connection.xml...

4.6CVSS6.7AI score0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:26 a.m.11 views

CVE-2010-3245

The automated-backup functionality in Blackboard Transact Suite formerly Blackboard Commerce Suite stores the 1 database username and 2 database password in cleartext in a script and b batch .bat files, which allows local users to obtain sensitive information by reading a file...

2.1CVSS6.3AI score0.00876EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:51 a.m.8 views

CVE-2013-5208

HR Systems Strategies info:HR HRIS 7.9 does not properly protect the database password, which allows local users to bypass intended database restrictions by accessing the USERPW registry key and bypassing an unspecified obfuscation technique...

4.1CVSS6.7AI score0.00291EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:44 a.m.7 views

CVE-2013-4967

Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes...

5CVSS7.1AI score0.01266EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:35 p.m.8 views

CVE-2004-2718

PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request...

4.3CVSS6.4AI score0.01657EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/02 12:22 a.m.5 views

CVE-2025-25478

The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application s source code, exposing sensitive information such as the database password...

6.5CVSS6.4AI score0.00407EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/02/28 12:0 a.m.9 views

PT-2025-9140 · Syspass · Syspass

Name of the Vulnerable Software and Affected Versions: Syspass versions 3.2.x Description: The account file upload functionality in Syspass fails to properly handle special characters in filenames, leading to the disclosure of the web application's source code and exposing sensitive information...

6.5CVSS6.2AI score0.00407EPSS
Exploits1References9
CVE
CVE
added 2025/02/28 12:0 a.m.116 views

CVE-2025-25478

The CVE-2025-25478 issue affects Syspass 3.2.x and stems from the account file upload feature mishandling special characters in filenames. This mismanagement can disclose the web application’s source code and sensitive data (e.g., database password). Multiple sources corroborate the vulnerability...

6.5CVSS6.7AI score0.00407EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 12:57 a.m.5 views

CVE-2024-28981

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields...

8.5CVSS7AI score0.00271EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/27 12:0 a.m.17 views

CVE-2024-54452

An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35 and 7.10.x through 7.10.0.18. A Directory Traversal and Local File Inclusion vulnerability in the logsSys.do page allows remote attackers authenticated as administrators to trigger the display of unintended files. Any file...

0.00821EPSS
Exploits0References2
NVD
NVD
added 2024/12/23 2:15 a.m.19 views

CVE-2024-12900

A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file /install/installdb.php of the component Configuration File Handler. The manipulation of the argument database password leads to code injection. It is possible to launch the attac...

9.8CVSS0.00696EPSS
Exploits0References4
OSV
OSV
added 2024/12/23 2:15 a.m.4 views

CVE-2024-12900

A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file /install/installdb.php of the component Configuration File Handler. The manipulation of the argument database password leads to code injection. It is possible to launch the attac...

9.8CVSS5.5AI score0.00696EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/12/23 12:0 a.m.4 views

FoxCMS 注入漏洞

FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS. FoxCMS 1.2 and previous versions of injection vulnerability, the vulnerability stems from the component configuration file handler file /install/installdb.php parameter database password will lead to code...

9.8CVSS6.9AI score0.00696EPSS
Exploits0References4
NVD
NVD
added 2024/11/28 10:15 a.m.28 views

CVE-2024-22037

The uyuni-server-attestation systemd service needs a databasepassword environment variable. This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users...

5.7CVSS0.00172EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/28 9:46 a.m.18 views

CVE-2024-22037 Database password leaked by systemd uyuni-server-attestation service

The uyuni-server-attestation systemd service needs a databasepassword environment variable. This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users...

5.7CVSS0.00172EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/28 9:46 a.m.20 views

CVE-2024-22037 Database password leaked by systemd uyuni-server-attestation service

The uyuni-server-attestation systemd service needs a databasepassword environment variable. This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users...

5.7CVSS6.8AI score0.00172EPSS
Exploits0References1
Rows per page
Query Builder