Information Disclosure

github.com/traptitech/traq is vulnerable to Information Disclosure. The vulnerability is due to sensitive information such as OAuth tokens being recorded in SQL error log files when a query fails, which allows an attacker with log access to intentionally trigger errors and acquire the exposed dat...

traQ 日志信息泄露漏洞

traq is a PHP-based project management and issue tracking system by Jack Polgar, a personal developer. A log information disclosure vulnerability exists in versions of traQ prior to 3.25.0, which stems from recording sensitive information in SQL error logs, which could lead to information...

SynConnect Pms - index.php?loginid SQL Injection

SynConnect Pms - index.php?loginid SQL Injection Title: ==== SynConnect - SQL Injection vulnerability Credit: ====== Name: Bhadresh Patel Company/affiliation: Cyberoam Technologies Private Limited Website: www.cyberoam.com CVE: ===== Date: ==== 01-03-2013 CRD: ==== CRD-2013-01 Vendor: ======...

ME Monitoring Manager Cross Site Scripting / SQL Injection

Title: ====== ME Monitoring Manager v9.x; v10.x - Multiple Vulnerabilities Date: ===== 2012-01-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=115 VL-ID: ===== 115 Introduction: ============= Mit dem ManageEngine Applications Manager können IT-Administratoren von...