5 matches found
CVE-2024-47884
CVE-2024-47884 affects foxmarks, a CLI read-only interface for Firefox bookmarks/history. The root cause is insecure temporary file handling: NamedTempFile is created with 0600, but after copying the Firefox database the file’s permissions are copied as 0644, exposing the data to any local user. ...
CVE-2023-46601
Summary of CVE-2023-46601: Siemens COMOS (All versions) is affected by an access control vulnerability in the SQLServer connection path, enabling an attacker to query the database and access information beyond the user’s rights. The issue is described across multiple feeds as an improper access ...
CVE-2018-1075
ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step...
SQL Injection Vulnerability in Z-Vote
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in the Z-Vote WordPress plugin which could be exploited to perform SQL injection attacks. 1) SQL injection vulnerability in Z-Vote: The vulnerability exists due to input sanitation errors in the "zvote" parameter in zvote.php. A...
Default credentials
The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments...