331 matches found
CVE-2007-0639
GuppY 4.5.16 and earlier is affected by multiple static code injection vulnerabilities in error.php that let remote attackers inject arbitrary PHP code into a data/.inc file via cookies (REMOTE_ADDR or msg[...] with an error dimension). Exploitation would impact confidentiality, integrity, and av...
Improper access control
Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt...
CVE-2006-0439
Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt...
CVE-2006-0439
Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt...
CVE-2006-0439
Text Rider 2.4 is vulnerable due to insufficient access control in the data directory under the web document root, enabling remote attackers to directly access data/userlist.txt and obtain usernames and password hashes. The connected records confirm the affected software (Text Rider 2.4) and the ...
PT-2006-1441 · Rcblog · Rcblog
Name of the Vulnerable Software and Affected Versions: RCBlog version 1.03 Description: The issue allows remote attackers to view account names and MD5 password hashes due to insufficient access control of the data and config directories stored under the web root. Recommendations: For RCBlog...
CVE-2005-1716
The CVE refers to TOPo 2.2 (2.2.178), where data files are stored in the data directory under the web document root with insufficient access control. This could allow remote attackers to view sensitive information, such as client IP addresses. Connected documents (e.g., Red Hat advisory and CVE l...
CVE-2005-1716
TOPo 2.2 2.2.178 stores data files in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as client IP addresses...
CVE-2005-1716
TOPo 2.2 2.2.178 stores data files in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as client IP addresses...
KorWeblog < 1.6.2 Remote Directory Listing
Binary data 2433.prm...
CVE-2003-0012
The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data...