Lucene search
K

900 matches found

Cvelist
Cvelist
added 2007/02/06 7:0 p.m.28 views

CVE-2007-0792

The modperl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file...

6.6AI score0.01322EPSS
Exploits0References8
Prion
Prion
added 2007/02/01 10:28 p.m.13 views

Design/Logic Flaw

download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials...

7.5CVSS7AI score0.01402EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2007/02/01 10:28 p.m.16 views

CVE-2007-0659

download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials...

7.5CVSS6.8AI score0.01402EPSS
Exploits0References5
Cvelist
Cvelist
added 2007/02/01 10:0 p.m.24 views

CVE-2007-0659

download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials...

6.8AI score0.01402EPSS
Exploits0References5
seebug.org
seebug.org
added 2006/12/11 12:0 a.m.17 views

TorrentFlux 2.2 Database Credentials Exposure Exploit

No description provided by source. Description: TorrentFlux fails to sanitise the variable "alias" in downloaddetails.php. This allows an attacker to include any file they want; the contents is displayed at in the spaces provided and the remaning data is displayed as error messages on the page...

7.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2006/12/04 11:28 a.m.3 views

CVE-2006-6254

administration/telecharger.php in Cahier de texte 2.0 allows remote attackers to obtain unparsed content source code of files via the chemin parameter, as demonstrated using directory traversal sequences to obtain the MySQL username and password from conncahierdetexte.php. NOTE: it is not clear...

4.3CVSS5.5AI score0.02887EPSS
Exploits1References7
Cvelist
Cvelist
added 2006/10/18 10:0 a.m.17 views

CVE-2006-5381

Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to 1 dbmsql.inc, 2 dbmssql.inc, 3 dbmysqli.inc, 4 dboci8.inc, 5 dbodbc.inc, 6 dboracle.inc, 7 dbpgsql.in...

6.3AI score0.01118EPSS
Exploits0References2
CVE
CVE
added 2006/10/18 10:0 a.m.41 views

CVE-2006-5381

CVE-2006-5381 : Contenido CMS stores sensitive data under the web root with insufficient access control, enabling remote attackers to obtain database credentials and other information via direct requests to8 files in the conlib/ directory (db_msql.inc, db_mssql.inc, db_mysqli.inc, db_oci8.inc, db...

5CVSS6.7AI score0.01118EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2006/10/18 4:6 a.m.14 views

CVE-2006-5381

Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to 1 dbmsql.inc, 2 dbmssql.inc, 3 dbmysqli.inc, 4 dboci8.inc, 5 dbodbc.inc, 6 dboracle.inc, 7 dbpgsql.in...

5CVSS6.3AI score0.01118EPSS
Exploits0References2
NVD
NVD
added 2006/09/14 12:7 a.m.12 views

CVE-2006-4772

HotPlug CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password and database credentials via a direct request for includes/class/config.inc...

5CVSS6.5AI score0.01162EPSS
Exploits0References2
Cvelist
Cvelist
added 2006/09/14 12:0 a.m.18 views

CVE-2006-4772

HotPlug CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password and database credentials via a direct request for includes/class/config.inc...

6.5AI score0.01162EPSS
Exploits0References2
CVE
CVE
added 2006/06/12 8:0 p.m.43 views

CVE-2006-2946

CVE-2006-2946 affects Dmx Forum 2.1a, where the file path _includes/bd.inc is stored under the web root with insufficient access control. This allows remote attackers to access the database credentials (username and password). The NVD entry notes a network attack with low complexity and a partial...

5CVSS6.8AI score0.02717EPSS
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2006/05/18 12:0 a.m.60 views

[Full-disclosure] [Info Disclosure] Diesel PHP Job Site Latest Version

Subject: Info Disclosure Diesel PHP Job Site Latest Version Severity: Pretty Bad Title: Diesel PHP Job Site Latest Version Information Disclosure Home Page: http://www.dieselscripts.com/ Product Page: http://www.dieselscripts.com/diesel-job-site.html Date: May 17, 2006 Synopsis: ========= When an...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2006/04/12 12:0 a.m.39 views

adv28-K-159-2006.txt

\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV28$2006 --------------------------------------------------------------------------- ECHOADV28$2006 Clever Copy = 3.0 Connect.inc Critical Information Disclosure...

7.4AI score
Exploits0
Prion
Prion
added 2006/04/11 11:2 p.m.13 views

Improper access control

Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via a direct request for connect.inc...

5CVSS6.7AI score0.07387EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2005/06/28 4:0 a.m.45 views

CVE-2002-1886

TightAuction 3.0 is affected by an access-control misconfiguration where config.inc is stored under the web document root, allowing remote attackers to obtain the database username and password. The root cause is insufficient access control on the configuration file. Current documents do not spec...

5CVSS7.1AI score0.02839EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2005/06/21 4:0 a.m.16 views

CVE-2005-2029

amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file...

6.8AI score0.01317EPSS
Exploits0References2
Cvelist
Cvelist
added 2005/03/10 5:0 a.m.15 views

CVE-2004-1758

BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges...

6.7AI score0.00362EPSS
Exploits0References7
securityvulns
securityvulns
added 2005/01/07 12:0 a.m.25 views

[UNIX] MyCart Discloses Settings Information to Remote Users

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

7AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2004/12/31 5:0 a.m.4 views

CVE-2004-2323

DotNetNuke formerly IBuySpy Workshop 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config...

5CVSS5.7AI score0.014EPSS
Exploits0References6
Rows per page
Query Builder