Lucene search
K

13 matches found

Positive Technologies
Positive Technologies
added 2025/08/09 12:0 a.m.6 views

PT-2025-32436 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: The issue stems from an insecure database configuration established by the user, and was initially identified as a potential security concern but was later...

7AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/07/07 12:0 a.m.4 views

The vulnerability of the Segnetics SMConfig system configuration tool lies in the insufficient security of the database where user credentials are stored, allowing attackers to access and disclose sensitive information.

The vulnerability of the Segnetics SMConfig system configuration tool is related to the insufficient security of the database where user credentials are stored. Exploiting this vulnerability allows a malicious actor to disclose sensitive information by sending a specially crafted GET request from...

6.8CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/03/20 12:0 a.m.6 views

The vulnerability of the commands.inc.php component of the rConfig configuration management tool for network devices stems from a lack of security measures in the SQL query structure. This allows attackers to execute arbitrary commands.

The vulnerability of the commands.inc.php component of the rConfig network device configuration management tool is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands via a specially crafted GET...

10CVSS8.2AI score0.99683EPSS
Exploits14References6Affected Software1
ThreatPost
ThreatPost
added 2019/09/11 6:1 p.m.60 views

Major Groupon, TicketMaster Fraud Scheme Exposed By Insecure Database

UPDATE After discovering a cache of 17 million emails exposed on an unsecured database, researchers with vpnMentor began to hunt for its owner — but to their surprise, they found that the database belonged not to a company, but to a sophisticated criminal network. Cybercriminals had been both...

7AI score
Exploits0References9
Prion
Prion
added 2019/09/09 2:15 p.m.15 views

Sql injection

An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajaxrulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of a table, as demonstrated by an ajaxrulesuggest.php?debug=1&term= request...

5.5CVSS8.4AI score0.01198EPSS
Exploits1References1Affected Software1
HackRead
HackRead
added 2019/04/25 9:7 p.m.29 views

Ride-hailing app leaks personal data of millions of Iranians

By Ryan De Souza The ride-hailing app database was hosted on an insecure MongoDB server. Another day, another data breach - This time, security researchers have identified a ride-hailing app exposing personal data of 1 to 2 million Iranian drivers, thanks to an insecure MongoDB database. The...

2.7AI score
Exploits0
ThreatPost
ThreatPost
added 2019/04/19 4:37 p.m.34 views

Insecure Ride App Database Leaks Data of 300K Iranian Drivers

A researcher has discovered that over a quarter-million drivers of the Iranian ride hailing app Tap30 have had their data left publicly exposed in an insecure database. Tap30 is an online taxi application, similar to Uber, that connects users to drivers through the mobile app and the corporate...

0.5AI score
Exploits0References13
ThreatPost
ThreatPost
added 2017/02/13 11:0 a.m.10 views

Open Databases a Juicy Extortion Target

Recent attacks against insecure MongoDB, Hadoop and CouchDB installations represent a new phase in online extortion, born from ransomware’s roots with the promise of becoming a nemesis for years to come. “These types of attacks have grown from ones of opportunity to full-scale automated and...

0.2AI score
Exploits0References1
OSV
OSV
added 2012/01/30 5:55 p.m.10 views

DEBIAN-CVE-2011-4899

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static...

7.5CVSS7.5AI score0.08982EPSS
Exploits8References1
seebug.org
seebug.org
added 2009/02/06 12:0 a.m.24 views

ClearBudget 0.6.1 (Misspelled htaccess) Insecure DD Vulnerability

No description provided by source. + ClearBudget v0.6.1 Insecure Database Download + Discovered By Room-Hacker Ex : http://site.il/db/budget.sqlite Demo : http://clearbudget.douteaud.com/demo/0-6-1//db/budget.sqlite...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2009/02/05 12:0 a.m.11 views

ClearBudget 0.6.1 - Insecure Database Disclosure

ClearBudget 0.6.1 - Insecure Database Disclosure + ClearBudget v0.6.1 Insecure Database Download + Discovered By Room-Hacker Ex : http://site.il/db/budget.sqlite Demo : http://clearbudget.douteaud.com/demo/0-6-1//db/budget.sqlite milw0rm.com 2009-02-05...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2009/02/05 12:0 a.m.35 views

ClearBudget 0.6.1 - Insecure Database Disclosure

ClearBudget v0.6.1 Insecure Database Download + Discovered By Room-Hacker Ex : http://site.il/db/budget.sqlite Demo : http://clearbudget.douteaud.com/demo/0-6-1//db/budget.sqlite milw0rm.com 2009-02-05...

7.4AI score
Exploits0
0day.today
0day.today
added 2009/02/05 12:0 a.m.28 views

ClearBudget 0.6.1 (Misspelled htaccess) Insecure DD Vulnerability

Exploit for unknown platform in category web applications ================================================================= ClearBudget 0.6.1 Misspelled htaccess Insecure DD Vulnerability ================================================================= + ClearBudget v0.6.1 Insecure Database...

7.1AI score
Exploits0
Rows per page
Query Builder