41 matches found
CVE-2020-37116
GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...
CVE-2020-37116 GUnet OpenEclass 1.7.3 E-learning platform - phpMyAdmin Remote Access
GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...
EUVD-2005-4655
Malware in sbrugna...
EUVD-2014-8441
Malware in sbrugna...
EUVD-2011-3160
Malware in sbrugna...
EUVD-2022-2415
Malicious code in bioql PyPI...
PT-2023-6495 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server affected versions not specified Description: The issue is related to incorrect permission assignment for files in the corporate version of GitHub Enterprise Server. This could allow an attacker to obtain the MySQL...
CVE-2022-35866
This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-cod...
AnchorCMS < 0.12.3a - Information Disclosure Exploit
Exploit for multiple platform in category web applications Exploit Title: Information disclosure MySQL password in error log Exploit Author: Tijme Gommers https://twitter.com/finnwea/ Vendor Homepage: https://anchorcms.com/ Software Link: https://github.com/anchorcms/anchor-cms/releases Version:...
Ansible: in some circumstances the mysql_user module may fail to correctly change a password
An input validation vulnerability was found in Ansible's mysqluser module which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed...
CVE-2014-8604
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns the MySQL password in cleartext to a text box in the configuration panel, which allows remote attackers to obtain sensitive information via unspecified vectors...
PHPB2B某处漏洞直接查看mysql密码
简要描述: PHPB2B某处漏洞直接查看mysql密码 详细说明: PHPB2B某处漏洞直接查看mysql密码 官网下载的最新版 install/install.php 安装文件,查看下代码。 ?php / PHPB2B Copyright C 2007-2099, Ualink Inc. All Rights Reserved. The contents of this file are subject to the License; you may not use this file except in compliance with the License. @version...
XCloner Wordpress/Joomla! Plugin - Multiple Vulnerabilities
No description provided by source. Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 Wordpress v3.5.1 Joomla! Vulnerabilities Author: Larry W. Cashdollar, @larry0 Date: 10/17/2014 Download: https://wordpress.org/plugins/xcloner-backup-and-restore/ Download:...
Accellion Secure File Transfer Code Execution
, , . .' '. ', . , '. , ., , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. Accellion Secure File Transfer SFTP Satellite Remote Root Code Execution PDF:...
CVE-2011-3196
The setup script in Domain Technologie Control DTC before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file...
Design/Logic Flaw
The setup script in Domain Technologie Control DTC before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file...
CVE-2011-3196
The setup script in Domain Technologie Control DTC before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file...
CVE-2011-3196
The setup script in Domain Technologie Control DTC before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file...
CVE-2011-3196
The CVE-2011-3196 issue affects Domain Technologie Control (DTC) prior to version 0.34.1. The root cause is world-readable permissions on /etc/apache2/apache2.conf, which allowed local users to read a configuration file and obtain the dtcdaemons MySQL password. Impact was local, with confidential...
Zen Cart local file disclosure-vulnerability warning-the black bar safety net
by t00ls Get the page path where the url/extras/ipntestreturn.php To obtain site configuration information url/extras/curltest. php? url=file://path/includes/configure.php Read the server passwd url/extras/curltest. php? url=file:///etc/passwd Get the MYSQL password, but the database only allows...