Apache Tomcat 3/4 - 'DefaultServlet' File Disclosure
source: https://www.securityfocus.com/bid/5786/info The servlet 'org.apache.catalina.servlets.DefaultServlet' is included with Apache Tomcat by default. It is possible to use this servlet to view contents of files within the webroot. This includes JSP source code, which may contain sensitive data...
CVE-2002-0614
PHP-Survey 20000615 and earlier stores the global.inc file under the web root, which allows remote attackers to obtain sensitive information, including database credentials, if .inc files are not preprocessed by the server...
CGIscript.net - csNews.cgi - Multiple Vulnerabilities
Date: June 11, 2002 Product: csNews.cgi csNews standard csNews.cgi csNews Pro Vendor: WWW.CGIscript.NET, LLC. Homepage: http://www.cgiscript.net/ DISCUSSION:...
Endymion SakeMail and MailMan File Disclosure Vulnerability
Product: SakeMail - Webmailsystem http://www.endymion.com Problem Description: Due to missing input validation, it is possible to read XML/other files with SakeMail's permissions. Read THIS javanullbyte.html for additional info on null bytes and Java classes! Example: an HTTP request to:...
Oracle 9iAS globals.jsa Database Credential Remote Disclosure
In the default configuration of Oracle 9iAS, it is possible to make requests for the globals.jsa file for a given web application. These files should not be returned by the server as they often contain sensitive information such as database credentials. This script was written...
CVE-2001-0330
Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed...
CVE-2000-1100
The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request...
Secret data exfiltration via symfony parameters
Impact: Symfony parameters, which are what Mautic transforms configuration parameters into, can be used within other Symfony parameters by design. However, this also means that an admin who is normally not privy to certain parameters, such as database credentials, could expose them by leveraging any ...