24 matches found
CVE-2019-25475 SQL Server Password Changer 1.90 Denial of Service Buffer Overflow
SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service condition...
EUVD-2006-6241
Malware in sbrugna...
EUVD-2015-0532
Malware in sbrugna...
MGASA-2023-0095 Updated mysql-connector-c++ packages fix security vulnerability
The program plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. CVE-2022-24407...
CVE-2022-34005
TitanFTP NextGen (before 1.2.1050) is affected by a remote code execution vulnerability due to a hardcoded sa password in the default Microsoft SQL Express 2019 instance installed during TitanFTP NextGen installation. The 1.2.1050 release fixes this issue for new installations, but not for upgrad...
CVE-2022-0859
McAfee Enterprise ePolicy Orchestrator ePO prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server restricted to...
MGASA-2022-0111 Updated cyrus-sasl packages fix security vulnerability
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. CVE-2022-24407...
PT-2022-13478 · Mcafee · Mcafee Enterprise Epolicy Orchestrator
Name of the Vulnerable Software and Affected Versions: McAfee Enterprise ePolicy Orchestrator ePO versions prior to 5.10 Update 13 Description: The issue allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. This can be achieved if the...
CVE-2018-5282
Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be reproduced; also, reading XML documents is...
froxlor -- database password information leak
[email protected] reports: An unauthenticated remote attacker is able to get the database password via webaccess due to wrong file permissions of the /logs/ folder in froxlor version 0.9.33.1 and earlier. The plain SQL password and username may be stored in the /logs/sql-error.log file...
Design/Logic Flaw
The InputAccel Database IADB installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel IA SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file...
CVE-2015-0519
The InputAccel Database IADB installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel IA SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file...
CVE-2015-0519
The CVE-2015-0519 issue affects EMC Captiva Capture 7.0 (before patch 25) and 7.1 (before patch 13). During InputAccel Database (IADB) installation, a cleartext InputAccel (IA) SQL password may be written to a DAL log file, enabling local users to read sensitive credentials. Impact is defined as ...
Prewikka: password disclosure
Background: Prewikka is a graphical front-end analysis console for the Prelude Hybrid IDS Framework. Description: The permissions of the prewikka.conf file are set world readable. Impact: A local attacker could obtain the SQL database password used by Prewikka. Workaround: There is no known workaroun...
UBUNTU-CVE-2010-2058
setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable permissions, which allows local users to obtain the SQL database password...
[Advisory] Invision Power Board <= 2.3.5 Multiple Vulnerabilities and Security Bypass
Title: Invision Power Board <= 2.3.5 Multiple Vulnerabilities and Security Bypass Vendor: http://www.invisionpower.com/community/board/ Advisory: http://acid-root.new.fr/?0:18 Author: DarkFig gmdarkfig at gmail dot com Released on: 2008/08/29 Changelog: 2008/08/29 Summary: Introduction Blind SQL...
PhPress-0.3.0 Read All Sql Information For Config
Name : PhPress-0.3.0 Read All Sql Information For Config Download From : http://phpress.org/ Or Direct Link : http://dfn.dl.sourceforge.net/sourceforge/phpress/PhPress-0.3.0.tar.gz Discovered By : Hasadya Raed E-mail : [email protected] ================================================== Exploit :...
CVE-2006-6258
The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cross-site scripting XSS attack...
imoelPassword.txt
IMOEL CMS has the weakness to download the plain text sql password in the setting.php file / $setting['host']['username'] = 'sqlusername'; $setting['host']['password'] = 'sqlpassword'; so u can download the setting.php file & view the plain text password as the default imoel cms set the administrator use...
IMOEL CMS Sql password discovery
IMOEL CMS has the weakness to download the plain text sql password in the setting.php file / $setting['host']['username'] = 'sqlusername'; $setting['host']['password'] = 'sqlpassword'; so u can download the setting.php file & view the plain text password as the default imoel cms set the administrator use...