Lucene search
K

331 matches found

CVE
CVE
added 2007/01/31 9:0 p.m.46 views

CVE-2007-0639

GuppY 4.5.16 and earlier is affected by multiple static code injection vulnerabilities in error.php that let remote attackers inject arbitrary PHP code into a data/.inc file via cookies (REMOTE_ADDR or msg[...] with an error dimension). Exploitation would impact confidentiality, integrity, and av...

7.5CVSS7.4AI score0.06927EPSS
Exploits1References7Affected Software1
Prion
Prion
added 2006/01/26 10:3 p.m.12 views

Improper access control

Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt...

5CVSS7.3AI score0.01667EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2006/01/26 10:3 p.m.14 views

CVE-2006-0439

Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt...

5CVSS6.7AI score0.01667EPSS
Exploits1References6
Cvelist
Cvelist
added 2006/01/26 10:0 p.m.14 views

CVE-2006-0439

Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt...

6.7AI score0.01667EPSS
Exploits1References6
CVE
CVE
added 2006/01/26 10:0 p.m.35 views

CVE-2006-0439

Text Rider 2.4 is vulnerable due to insufficient access control in the data directory under the web document root, enabling remote attackers to directly access data/userlist.txt and obtain usernames and password hashes. The connected records confirm the affected software (Text Rider 2.4) and the ...

5CVSS6.7AI score0.01667EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2006/01/22 12:0 a.m.3 views

PT-2006-1441 · Rcblog · Rcblog

Name of the Vulnerable Software and Affected Versions: RCBlog version 1.03 Description: The issue allows remote attackers to view account names and MD5 password hashes due to insufficient access control of the data and config directories stored under the web root. Recommendations: For RCBlog...

5CVSS6.4AI score0.01721EPSS
Exploits1References8
CVE
CVE
added 2005/05/24 4:0 a.m.53 views

CVE-2005-1716

The CVE refers to TOPo 2.2 (2.2.178), where data files are stored in the data directory under the web document root with insufficient access control. This could allow remote attackers to view sensitive information, such as client IP addresses. Connected documents (e.g., Red Hat advisory and CVE l...

5CVSS6.6AI score0.01548EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2005/05/24 4:0 a.m.20 views

CVE-2005-1716

TOPo 2.2 2.2.178 stores data files in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as client IP addresses...

5CVSS6.2AI score0.01548EPSS
Exploits1References4
Cvelist
Cvelist
added 2005/05/24 4:0 a.m.23 views

CVE-2005-1716

TOPo 2.2 2.2.178 stores data files in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as client IP addresses...

6.2AI score0.01548EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2004/11/24 12:0 a.m.12 views

KorWeblog < 1.6.2 Remote Directory Listing

Binary data 2433.prm...

7.5CVSS7.3AI score0.07106EPSS
Exploits3References3
NVD
NVD
added 2003/01/17 5:0 a.m.20 views

CVE-2003-0012

The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data...

2.1CVSS6.2AI score0.0029EPSS
Exploits0References5
Rows per page
Query Builder