
33 matches found

CNVD
added 2025/12/25 12:0 a.m. · 1 views

ChurchCRM Information Disclosure Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from an information disclosure vulnerability that originates from the disclosure of database information in an error message, which can be exploited by an attacker to cause the disclosure of database information, including...

CVSS 9.9 · AI score 5.9 · EPSS 0.00069
Exploits: 1 · References: 1
NVD
added 2025/12/17 10:16 p.m. · 1 views

CVE-2025-68110

ChurchCRM is an open-source church management system. Versions prior to 6.5.3 may disclose database information in an error message including the host, ip, username, and password. Version 6.5.3 fixes the issue...

CVSS 9.9 · EPSS 0.00069
Exploits: 1 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2006-5915

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.01414
Exploits: 0 · References: 7
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2006-1718

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.06194
Exploits: 1 · References: 7
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-46095

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.4 · EPSS 0.00227
Exploits: 1 · References: 2
CVE
added 2025/09/29 12:0 a.m. · 7 views

CVE-2025-57516

CVE-2025-57516: OS command injection in PublicCMS versions 5.202506.a and 5.202506.b. The vulnerability arises from processing crafted DATABASE, USERNAME, or PASSWORD variables passed to backupDB.bat, enabling arbitrary command execution. Affected documentation from multiple sources confirms the ...

CVSS 8.2 · AI score 7.7 · EPSS 0.03211
Exploits: 1 · References: 1 · Affected Software: 1
RedhatCVE
added 2025/05/23 8:37 a.m. · 1 views

CVE-2024-32967

Zitadel is an open source identity management system. In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the user. This has been addressed in all supported release branches in a point release. There is no...

CVSS 5.3 · AI score 6.5 · EPSS 0.00386
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 4:26 a.m. · 5 views

CVE-2010-3245

The automated-backup functionality in Blackboard Transact Suite (formerly Blackboard Commerce Suite) stores the (1) database username and (2) database password in cleartext in (a) script and (b) batch (.bat) files, which allows local users to obtain sensitive information by reading a file...

CVSS 2.1 · AI score 6.3 · EPSS 0.00206
Exploits: 0 · References: 1
ATTACKERKB
added 2023/09/06 8:15 p.m. · 1 views

CVE-2023-41601

Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters...

CVSS 6.1 · AI score 6.5 · EPSS 0.00227
Exploits: 1 · References: 3
OSV
added 2023/09/06 8:15 p.m. · 0 views

CVE-2023-41601

Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters...

CVSS 6.1 · AI score 5.9
Exploits: 0 · References: 2
CNNVD
added 2023/09/06 12:0 a.m. · 0 views

CSZ CMS Cross-Site Scripting Vulnerability

CSZ CMS is a PHP-based open source content management system (CMS). A security vulnerability exists in CSZ CMS v1.3.0, which stems from multiple cross-site scripting (XSS) vulnerabilities in install/index.php that allow attackers to execute arbitrary web script or HTML with a crafted payload via the...

CVSS 6.1 · AI score 5.9 · EPSS 0.00227
Exploits: 1 · References: 3
Positive Technologies
added 2023/09/06 12:0 a.m. · 1 views

PT-2023-27994 · Csz Cms · Csz Cms

Name of the Vulnerable Software and Affected Versions: CSZ CMS version 1.3.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters in the install/index.php file. This enables the...

CVSS 6.1 · AI score 6.8 · EPSS 0.00227
Exploits: 1 · References: 5
Hacker One
added 2020/12/03 5:23 a.m. · 25 views

MTN Group: PHP Info Exposing Secrets at https://radio.mtn.bj/info

Summary: During recon I discovered a PHP Info file exposing environment variables such as; Laravel APPKEY, Database username/password, SMTP username/password, etc. Steps To Reproduce: Visit the following URL; https://radio.mtn.bj/info You will be presented with a PHP Info file exposing environmen...

AI score 7.2
Exploits: 0
CNVD
added 2018/10/29 12:0 a.m. · 1 views

zzcms SQL Injection Vulnerability (CNVD-2018-26013)

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the ajax/zs.php file in ZZCMS version 8.3. A remote attacker can exploit this vulnerability to obtain the current user name of mysql with the help of pxzs cookie...

CVSS 9.8 · AI score 9.8 · EPSS 0.0025
Exploits: 1 · References: 1
Prion
added 2018/07/23 8:29 p.m. · 10 views

Information disclosure

Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for /dashboard/addplan, /dashboard/paywithcard/charge, /dashboard/withdrawal, or /privacy&terms, as demonstrated by reading database username...

CVSS 5 · AI score 9 · EPSS 0.19886
Exploits: 10 · References: 2
NVD
added 2018/07/23 8:29 p.m. · 7 views

CVE-2018-14328

Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for /dashboard/addplan, /dashboard/paywithcard/charge, /dashboard/withdrawal, or /privacy&terms, as demonstrated by reading database username...

CVSS 9.8 · AI score 9.2 · EPSS 0.17044
Exploits: 5 · References: 2
Exploit DB
added 2013/11/30 12:0 a.m. · 22 views

Zend-Framework - Full Information Disclosure

Exploit Title : Zend-Framework Full Info Disclosure Google Dork : inurl:/application/configs/application.ini Date : 26/11/2013 Exploit Author : Ariel Orellana Vendor Homepage : http://framework.zend.com/ Category : Web applications Tested on : GNU/Linux CommentGreetz : Daniel Godoy PoC : The...

AI score 7.4
Exploits: 0
Exploit DB
added 2010/07/09 12:0 a.m. · 22 views

WordPress Plugin Firestats - Remote Configuration File Download

Exploit Title: Wordpress firestats remote configuration file download Date: 2010-07-09 Author: Jelmer de Hen Software Link: http://firestats.cc/ Version: 1.6.5 Tested on: PHP Do a simple GET request to this file: /wp-content/plugins/firestats/php/tools/getconfig.php This will allow you to downloa...

AI score 7.4
Exploits: 0
NVD
added 2009/04/27 10:30 p.m. · 11 views

CVE-2008-6756

ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file...

CVSS 2.1 · AI score 6.4 · EPSS 0.00038
Exploits: 0 · References: 2
Cvelist
added 2009/04/27 10:0 p.m. · 15 views

CVE-2008-6756

ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file...

AI score 6.4 · EPSS 0.00038
Exploits: 0 · References: 2