osCSS 1.2.1 - Database Backups Disclosure
Title : osCSS 1.2.1 Backups Vulnerability | Author : indoushka | email : [email protected] | Home : www.sec-war.com | Dork : Powered by osCSS | Dork : Index of /osCSS/admin/backups | Tested on: windows...
osCSS v1.2.1 Database Backups Disclosure
Exploit for unknown platform in category web applications. osCSS v1.2.1 Database Backups Disclosure | Title : osCSS 1.2.1 Backu...
Baran CMS 1.0 Arbitrary ASP File Upload/DB/SQL/XSS/CM Vulns
No description provided by source. 0x01 Informations : Name : Baran Cms Version : 1.0 Personal site : http://www.baran-cms.ir $$ : 50$ Vul : Arbitrary ASP File Upload/DB/SQL/XSS/CM Credit : Aria-Security Team Website : http://Aria-Security.Net Contact : [email protected] 0x02 Arbitrary ASP...
Baran CMS 1.0 - Arbitrary '.ASP' File Upload / File Disclosure / SQL Injection / Cross-Site Scripting / Cookie Manipulation
0x01 Informations : Name : Baran Cms Version : 1.0 Personal site : http://www.baran-cms.ir $$ : 50$ Vul : Arbitrary ASP File Upload/DB/SQL/XSS/CM Credit : Aria-Security Team Website : http://Aria-Security.Net Contact : [email protected] 0x02 Arbitrary ASP File Upload :...
Baran CMS 1.0 File Upload / SQL Injection / XSS
0x01 Informations : Name : Baran Cms Version : 1.0 Personal site : http://www.baran-cms.ir $$ : 50$ Vul : Arbitrary ASP File Upload/DB/SQL/XSS/CM Credit : Aria-Security Team Website : http://Aria-Security.Net Contact : [email protected] 0x02 Arbitrary ASP File Upload :...
Baran CMS 1.0 - Arbitrary .ASP File Upload File Disclosure SQL Injection Cross-Site Scripting Cookie Manipulation
Baran CMS 1.0 - Arbitrary .ASP File Upload File Disclosure SQL Injection Cross-Site Scripting Cookie Manipulation 0x01 Informations : Name : Baran Cms Version : 1.0 Personal site : http://www.baran-cms.ir $$ : 50$ Vul : Arbitrary ASP File Upload/DB/SQL/XSS/CM Credit : Aria-Security Team Website :...
Baran CMS 1.0 Arbitrary ASP File Upload/DB/SQL/XSS/CM Vulns
Exploit for unknown platform in category web applications. Baran CMS 1.0 Arbitrary ASP File Upload/DB/SQL/XSS/CM Vulns. 0x01 Informations : Name : Baran Cms Version : 1.0 Personal...
Improper access control
Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database credentials via a direct request for config.inc or (2) read database backups via a request for a backu...
CVE-2008-5853
Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database credentials via a direct request for config.inc or (2) read database backups via a request for a backu...
chicomas <= 2.0.4 (DB Backup/DD/XSS) Multiple Vulnerabilities
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: chicomas <=2.0.4 Multiple Vulnerabilities Vendor: http://www.chicomas.com/ Demo: http://demo.opensourcecms.com/chicomas Bug: Database Information Disclosure, Authorization Weakness, XSS Vulnerable Version:...
integramod-database.txt
today I found some major security problem. the issue can be found at all integramod 1.4.x versions. explanation of the issue: all integramod versions do have a backup folder where the daily database backups are stored. the coders of integramod forgot to secure this folder. example: just head to...
Integramod 1.4.x - Insecure Directory Download Database
today I found some major security problem. the issue can be found at all integramod 1.4.x versions. explanation of the issue: all integramod versions do have a backup folder where the daily database backups are stored. the coders of integramod forgot to secure this folder. example: just head to...
Integramod 1.4.x - Insecure Directory Download Database
Integramod 1.4.x - Insecure Directory Download Database today I found some major security problem. the issue can be found at all integramod 1.4.x versions. explanation of the issue: all integramod versions do have a backup folder where the daily database backups are stored. the coders of integram...
CVE-2007-6603
Hot or Not Clone has insufficient access control for producing and reading database backups, which allows remote attackers to obtain the administrator username and password via a direct request to control/backup/backup.php, which generates a backup/dump/backup.sql file that can be downloaded via ...
Improper access control
Hot or Not Clone has insufficient access control for producing and reading database backups, which allows remote attackers to obtain the administrator username and password via a direct request to control/backup/backup.php, which generates a backup/dump/backup.sql file that can be downloaded via ...
CVE-2007-6603
CVE-2007-6603 affects Hot or Not Clone. The issue is insufficient access control for producing/reading database backups: an attacker can trigger control/backup/backup.php to generate a backup.sql and then download it via control/downloadfile.php, exposing administrator credentials. The NVD entry ...
CVE-2007-0058
Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file...
Authentication flaw
Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file...