13 matches found
PT-2025-32436 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: The issue stems from an insecure database configuration established by the user, and was initially identified as a potential security concern but was later...
The vulnerability of the Segnetics SMConfig system configuration tool lies in the insufficient security of the database where user credentials are stored, allowing attackers to access and disclose sensitive information.
The vulnerability of the Segnetics SMConfig system configuration tool is related to the insufficient security of the database where user credentials are stored. Exploiting this vulnerability allows a malicious actor to disclose sensitive information by sending a specially crafted GET request from...
The vulnerability of the commands.inc.php component of the rConfig configuration management tool for network devices stems from a lack of security measures in the SQL query structure. This allows attackers to execute arbitrary commands.
The vulnerability of the commands.inc.php component of the rConfig network device configuration management tool is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands via a specially crafted GET...
Major Groupon, TicketMaster Fraud Scheme Exposed By Insecure Database
UPDATE After discovering a cache of 17 million emails exposed on an unsecured database, researchers with vpnMentor began to hunt for its owner — but to their surprise, they found that the database belonged not to a company, but to a sophisticated criminal network. Cybercriminals had been both...
Sql injection
An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajaxrulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of a table, as demonstrated by an ajaxrulesuggest.php?debug=1&term= request...
Ride-hailing app leaks personal data of millions of Iranians
By Ryan De Souza The ride-hailing app database was hosted on an insecure MongoDB server. Another day, another data breach - This time, security researchers have identified a ride-hailing app exposing personal data of 1 to 2 million Iranian drivers, thanks to an insecure MongoDB database. The...
Insecure Ride App Database Leaks Data of 300K Iranian Drivers
A researcher has discovered that over a quarter-million drivers of the Iranian ride hailing app Tap30 have had their data left publicly exposed in an insecure database. Tap30 is an online taxi application, similar to Uber, that connects users to drivers through the mobile app and the corporate...
Open Databases a Juicy Extortion Target
Recent attacks against insecure MongoDB, Hadoop and CouchDB installations represent a new phase in online extortion, born from ransomware’s roots with the promise of becoming a nemesis for years to come. “These types of attacks have grown from ones of opportunity to full-scale automated and...
DEBIAN-CVE-2011-4899
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static...
ClearBudget 0.6.1 (Misspelled htaccess) Insecure DD Vulnerability
No description provided by source. + ClearBudget v0.6.1 Insecure Database Download + Discovered By Room-Hacker Ex : http://site.il/db/budget.sqlite Demo : http://clearbudget.douteaud.com/demo/0-6-1//db/budget.sqlite...
ClearBudget 0.6.1 - Insecure Database Disclosure
ClearBudget 0.6.1 - Insecure Database Disclosure + ClearBudget v0.6.1 Insecure Database Download + Discovered By Room-Hacker Ex : http://site.il/db/budget.sqlite Demo : http://clearbudget.douteaud.com/demo/0-6-1//db/budget.sqlite milw0rm.com 2009-02-05...
ClearBudget 0.6.1 - Insecure Database Disclosure
ClearBudget v0.6.1 Insecure Database Download + Discovered By Room-Hacker Ex : http://site.il/db/budget.sqlite Demo : http://clearbudget.douteaud.com/demo/0-6-1//db/budget.sqlite milw0rm.com 2009-02-05...
ClearBudget 0.6.1 (Misspelled htaccess) Insecure DD Vulnerability
Exploit for unknown platform in category web applications ================================================================= ClearBudget 0.6.1 Misspelled htaccess Insecure DD Vulnerability ================================================================= + ClearBudget v0.6.1 Insecure Database...