105 matches found
CVE-2024-52902
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the system...
IBM Cognos Controller 信任管理问题漏洞
IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines IBM. The product features process automation, financial audit control, and the creation and management of financial reports. IBM Cognos Controller suffers from a trust management...
Kurmi Provisioning Suite 安全漏洞
Kurmi Provisioning Suite is an infrastructure management suite from Kurmi. A security vulnerability exists in Kurmi Provisioning Suite versions prior to 7.9.0.35 and versions 7.10.x through 7.10.0.18. An attacker exploiting this vulnerability could access any file, such as a configuration file...
OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand
Summary The export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page that submits a form POST that contains embedded JavaScript code. This code would then ...
CVE-2024-28981
Hitachi Vantara Pentaho Data Integration & Analytics is affected. Versions before 10.1.0.0 and 9.3.0.8 (including 8.3.x) disclose database passwords when searching metadata injectable fields due to insufficiently protected credentials. No exploitation details are provided in the documents. Remedi...
CVE-2024-28981 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields...
CVE-2024-28981 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields...
Amazon AWS Glue Database Password Disclosure
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Database Passwords in Server Response product: Amazon AWS Glue vulnerable version: until 2024-02-23 fixed version: as of 2024-02-23 CVE number: - impact: medium homepage:...
SCHUHFRIED Security Vulnerabilities
SCHUHFRIED is a psychometric testing system from the Austrian company SCHUHFRIED. A security vulnerability exists in SCHUHFRIED version v.8.22.00, which originated from a vulnerability that allows remote attackers to obtain database passwords via a specially crafted curl command...
EGroupware Security Vulnerabilities
EGroupware is an online office platform from EGroupware, Inc. A security vulnerability exists in EGroupware version 17.1.20190111, which stems from the presence of an incorrect password storage vulnerability that allows an authenticated, remote attacker with administrator credentials to read...
All-In-One Security (AIOS) – Security and Firewall < 5.2.0 - Insecure Storage of Password
The plugin stores the password inside the database as plaintext allowing administrators to obtain access to user's passwords...
CVE-2018-1053 - Ensure that all temporary files made with "pg_upgrade" are non-world-readable
In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pgupgrade creates file in current working directory containing the output of pgdumpall -g under umask which was in effect when the user invoked pgupgrade, and not under 0077 which...
Mattermost 日志信息泄露漏洞
Mattermost is an open source collaboration platform from US-based Mattermost. A log information disclosure vulnerability exists in Mattermost Sever, which stems from the inability to edit database usernames and passwords before issuing application logs during server initialization...
PT-2023-22970
Name of the Vulnerable Software and Affected Versions Apache Superset versions 1.3.0 through 2.0.1 Description An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. Recommendations For Apache Superset versions...
SUSE CVE-2013-6384
1 impldb2.py and 2 implmongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information the DB2 or MongoDB password by reading the log file...
Internet Bug Bounty: Leak of sensitive values to Airflow rendered template
I’m just getting started with Airflow, but seem to have got into a situation where sensitive values e.g. connection passwords end up in my task’s rendered template. Here’s how my DAG starts, having set up a connection called “secret” with a password specified: t1 = BashOperator...
Design/Logic Flaw
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and...
CVE-2021-45447 Pentaho Business Analytics Server - With the Data Lineage feature enabled, the system transmits database passwords in clear text
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and...
CVE-2021-45447 Pentaho Business Analytics Server - With the Data Lineage feature enabled, the system transmits database passwords in clear text
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and...
SAP Business One Information Disclosure Vulnerability (CNVD-2021-101685)
SAP Business One is a suite of enterprise management software from SAP, a German company. SAP Business One version 10.0 contains an information disclosure vulnerability, which originates when an administrator user can view database passwords in plain text over the network. An attacker could use...