891 matches found
CVE-2024-6297
CVE-2024-6297 refers to multiple WordPress plugins where the plugin source code was compromised, injecting backdoors that exfiltrate database credentials and can create new administrator users. Public disclosures from Red Hat and Wordfence confirm a high‑risk, internal compromise affecting severa...
CVE-2024-6297 Several WordPress.org Plugins <= Various Versions - Injected Backdoor
Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...
WordPress Plugin Several WordPress.org Security Vulnerabilities
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
jberet: jberet-core logging database credentials
A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection...
Craft CMS Logs Plugin 3.0.3 - Path Traversal (Authenticated)
Exploit Title: Craft CMS Logs Plugin 3.0.3 - Path Traversal Authenticated; Date: 2022.01.26; Exploit Author: Steffen Rogge; Vendor Homepage: https://github.com/ethercreative/logs; Software Link: https://plugins.craftcms.com/logs; Version: =3.0.4; impact: Medium; found: 2021-07-06; SEC Consult Vulnerabili...
silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms
When accessing the install.php script it is possible to extract any pre-configured database or default admin account password by viewing the source of the page, and inspecting the value property of the password fields...
NETGEAR ProSAFE Network Management System Elevation of Privilege Vulnerability
NETGEAR ProSAFE Network Management System is a network management system from NETGEAR for centralized management, monitoring, and configuration of network devices. An elevation of privilege vulnerability exists in NETGEAR ProSAFE Network Management System, which stems from the use of default MySQ...
CVE-2023-51588
Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower Pro. An attacker must first obtain the ability to execute...
GHSA-9WMF-XF3H-R8PR Jberet: jberet-core logging database credentials
A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection...
CVE-2024-1102 Jberet: jberet-core logging database credentials
A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection...
Laravel Framework 11 - Credential Leakage
Exploit Title: Laravel Framework 11 - Credential Leakage; Google Dork: N/A; Date: 2024-04-19; Exploit Author: Huseein Amer; Vendor Homepage: https://laravel.com/; Software Link: N/A; Version: 8. - 11. REQUIRED; Tested on: N/A; CVE: CVE-2024-29291; Proof of concept: Go to any Laravel-based website and...
CVE-2024-29291
An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, but needs to set the...
CVE-2024-29291
CVE-2024-29291 affects Laravel Framework 8–11. Affected: PHP-based Laravel; issue: remote attacker may discover database credentials logged in storage/logs/laravel.log. Root cause cited in sources: sensitive connection data captured in logs via Laravel’s database connectors, enabling credential l...
Laravel Framework Security Vulnerability
Laravel Framework is a PHP-based web application development framework from the individual developer Taylor Otwell. A security vulnerability exists in Laravel Framework versions 8 through 11, which stems from a vulnerability that allows a remote attacker to discover database credentials in...
CVE-2024-3706
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d Espeto. This vulnerability allows an attacker to view a php backup file controlaccess.php-LAST where database credentials are stored...