900 matches found
CVE-2007-0792
The modperl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file...
Design/Logic Flaw
download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials...
CVE-2007-0659
download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials...
CVE-2007-0659
download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials...
TorrentFlux 2.2 Database Credentials Exposure Exploit
No description provided by source. Description: TorrentFlux fails to sanitise the variable "alias" in downloaddetails.php. This allows an attacker to include any file they want; the contents is displayed at in the spaces provided and the remaning data is displayed as error messages on the page...
CVE-2006-6254
administration/telecharger.php in Cahier de texte 2.0 allows remote attackers to obtain unparsed content source code of files via the chemin parameter, as demonstrated using directory traversal sequences to obtain the MySQL username and password from conncahierdetexte.php. NOTE: it is not clear...
CVE-2006-5381
Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to 1 dbmsql.inc, 2 dbmssql.inc, 3 dbmysqli.inc, 4 dboci8.inc, 5 dbodbc.inc, 6 dboracle.inc, 7 dbpgsql.in...
CVE-2006-5381
CVE-2006-5381 : Contenido CMS stores sensitive data under the web root with insufficient access control, enabling remote attackers to obtain database credentials and other information via direct requests to8 files in the conlib/ directory (db_msql.inc, db_mssql.inc, db_mysqli.inc, db_oci8.inc, db...
CVE-2006-5381
Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to 1 dbmsql.inc, 2 dbmssql.inc, 3 dbmysqli.inc, 4 dboci8.inc, 5 dbodbc.inc, 6 dboracle.inc, 7 dbpgsql.in...
CVE-2006-4772
HotPlug CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password and database credentials via a direct request for includes/class/config.inc...
CVE-2006-4772
HotPlug CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password and database credentials via a direct request for includes/class/config.inc...
CVE-2006-2946
CVE-2006-2946 affects Dmx Forum 2.1a, where the file path _includes/bd.inc is stored under the web root with insufficient access control. This allows remote attackers to access the database credentials (username and password). The NVD entry notes a network attack with low complexity and a partial...
[Full-disclosure] [Info Disclosure] Diesel PHP Job Site Latest Version
Subject: Info Disclosure Diesel PHP Job Site Latest Version Severity: Pretty Bad Title: Diesel PHP Job Site Latest Version Information Disclosure Home Page: http://www.dieselscripts.com/ Product Page: http://www.dieselscripts.com/diesel-job-site.html Date: May 17, 2006 Synopsis: ========= When an...
adv28-K-159-2006.txt
\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV28$2006 --------------------------------------------------------------------------- ECHOADV28$2006 Clever Copy = 3.0 Connect.inc Critical Information Disclosure...
Improper access control
Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via a direct request for connect.inc...
CVE-2002-1886
TightAuction 3.0 is affected by an access-control misconfiguration where config.inc is stored under the web document root, allowing remote attackers to obtain the database username and password. The root cause is insufficient access control on the configuration file. Current documents do not spec...
CVE-2005-2029
amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file...
CVE-2004-1758
BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges...
[UNIX] MyCart Discloses Settings Information to Remote Users
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
CVE-2004-2323
DotNetNuke formerly IBuySpy Workshop 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config...