3 results (0.016 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database credentials via an index.php/api/install/get_db_info request, a related issue to CVE-2023-42387. Tencent tdsqlpcloud hasta 1.8.5 permite a atacantes remotos no autenticados descubrir credenciales de bases de datos mediante una solicitud index.php/api/install/get_db_info, un problema relacionado con CVE-2023-42387. • https://github.com/Narrator21/tdsql/blob/main/20230927.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code. La aplicación Shenzhen Tencent versión 5.8.2.5300 para plataformas de PC (de Tencent App Center) presenta una vulnerabilidad de secuestro de DLL. Los atacantes pueden usar esta vulnerabilidad para ejecutar código malicioso • https://www.cnvd.org.cn/flaw/show/2105399 • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

tencent-server is a simple web server. tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. "tencent-server" es un servidor web sencillo. "tencent-server" es vulnerable a un problema de salto de directorio que otorga a un atacante acceso al sistema de archivos colocando "../" en la URL. • https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/tencent-server https://nodesecurity.io/advisories/418 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •