
146 matches found

Exploit DB
added 2010/03/02 12:0 a.m. | 29 views

osCSS 1.2.1 - Database Backups Disclosure

| Title : osCSS 1.2.1 Backups Vulnerability | Author : indoushka | email : [email protected] | Home : www.sec-war.com | Dork : Powered by osCSS | Dork : Index of /osCSS/admin/backups | Tested on: windows...

AI score: 7.4
Exploits: 0

0day.today
added 2010/03/02 12:0 a.m. | 32 views

osCSS v1.2.1 Database Backups Disclosure

Exploit for unknown platform in category web applications. osCSS v1.2.1 Database Backups Disclosure. | Title : osCSS 1.2.1 Backu...

AI score: 7.1
Exploits: 0

seebug.org
added 2009/02/13 12:0 a.m. | 16 views

Baran CMS 1.0 Arbitrary ASP File Upload/DB/SQL/XSS/CM Vulns

No description provided by source. 0x01 Informations : Name : Baran Cms Version : 1.0 Personal site : http://www.baran-cms.ir $$ : 50$ Vul : Arbitrary ASP File Upload/DB/SQL/XSS/CM Credit : Aria-Security Team Website : http://Aria-Security.Net Contact : [email protected] 0x02 Arbitrary ASP...

AI score: 7.1
Exploits: 0

Exploit DB
added 2009/02/12 12:0 a.m. | 39 views

Baran CMS 1.0 - Arbitrary '.ASP' File Upload / File Disclosure / SQL Injection / Cross-Site Scripting / Cookie Manipulation

0x01 Informations : Name : Baran Cms Version : 1.0 Personal site : http://www.baran-cms.ir $$ : 50$ Vul : Arbitrary ASP File Upload/DB/SQL/XSS/CM Credit : Aria-Security Team Website : http://Aria-Security.Net Contact : [email protected] 0x02 Arbitrary ASP File Upload :...

AI score: 7
Exploits: 0

Packet Storm
added 2009/02/12 12:0 a.m. | 29 views

Baran CMS 1.0 File Upload / SQL Injection / XSS

0x01 Informations : Name : Baran Cms Version : 1.0 Personal site : http://www.baran-cms.ir $$ : 50$ Vul : Arbitrary ASP File Upload/DB/SQL/XSS/CM Credit : Aria-Security Team Website : http://Aria-Security.Net Contact : [email protected] 0x02 Arbitrary ASP File Upload :...

AI score: 0.1
Exploits: 0

exploitpack
added 2009/02/12 12:0 a.m. | 20 views

Baran CMS 1.0 - Arbitrary .ASP File Upload File Disclosure SQL Injection Cross-Site Scripting Cookie Manipulation

Baran CMS 1.0 - Arbitrary .ASP File Upload File Disclosure SQL Injection Cross-Site Scripting Cookie Manipulation 0x01 Informations : Name : Baran Cms Version : 1.0 Personal site : http://www.baran-cms.ir $$ : 50$ Vul : Arbitrary ASP File Upload/DB/SQL/XSS/CM Credit : Aria-Security Team Website :...

AI score: 0.5
Exploits: 0

0day.today
added 2009/02/12 12:0 a.m. | 23 views

Baran CMS 1.0 Arbitrary ASP File Upload/DB/SQL/XSS/CM Vulns

Exploit for unknown platform in category web applications. Baran CMS 1.0 Arbitrary ASP File Upload/DB/SQL/XSS/CM Vulns. 0x01 Informations : Name : Baran Cms Version : 1.0 Personal...

AI score: 7.1
Exploits: 0

Prion
added 2009/01/06 5:30 p.m. | 16 views

Improper access control

Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database credentials via a direct request for config.inc or (2) read database backups via a request for a backu...

CVSS: 5 | AI score: 6.9 | EPSS: 0.02535
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2009/01/06 5:30 p.m. | 12 views

CVE-2008-5853

Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database credentials via a direct request for config.inc or (2) read database backups via a request for a backu...

CVSS: 5 | AI score: 6.3 | EPSS: 0.02535
Exploits: 1 | References: 5

Cvelist
added 2009/01/06 5:0 p.m. | 19 views

CVE-2008-5853

Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database credentials via a direct request for config.inc or (2) read database backups via a request for a backu...

AI score: 6.3 | EPSS: 0.02535
Exploits: 1 | References: 5

seebug.org
added 2008/12/22 12:0 a.m. | 15 views

chicomas <= 2.0.4 (DB Backup/DD/XSS) Multiple Vulnerabilities

No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: chicomas <= 2.0.4 Multiple Vulnerabilities Vendor: http://www.chicomas.com/ Demo: http://demo.opensourcecms.com/chicomas Bug: Database Information Disclosure, Authorization Weakness, XSS Vulnerable Version:...

AI score: 7.1
Exploits: 0

Packet Storm
added 2008/09/08 12:0 a.m. | 30 views

integramod-database.txt

Today I found some major security problem. The issue can be found at all integramod 1.4.x versions. Explanation of the issue: all integramod versions do have a backup folder where the daily database backups are stored. The coders of integramod forgot to secure this folder. Example: just head to...

AI score: 7.4
Exploits: 0

Exploit DB
added 2008/09/06 12:0 a.m. | 42 views

Integramod 1.4.x - Insecure Directory Download Database

Today I found some major security problem. The issue can be found at all integramod 1.4.x versions. Explanation of the issue: all integramod versions do have a backup folder where the daily database backups are stored. The coders of integramod forgot to secure this folder. Example: just head to...

AI score: 7.4
Exploits: 0

exploitpack
added 2008/09/06 12:0 a.m. | 19 views

Integramod 1.4.x - Insecure Directory Download Database

Integramod 1.4.x - Insecure Directory Download Database. Today I found some major security problem. The issue can be found at all integramod 1.4.x versions. Explanation of the issue: all integramod versions do have a backup folder where the daily database backups are stored. The coders of integram...

AI score: 7.4
Exploits: 0

NVD
added 2007/12/31 8:46 p.m. | 14 views

CVE-2007-6603

Hot or Not Clone has insufficient access control for producing and reading database backups, which allows remote attackers to obtain the administrator username and password via a direct request to control/backup/backup.php, which generates a backup/dump/backup.sql file that can be downloaded via ...

CVSS: 5 | AI score: 6.8 | EPSS: 0.02857
Exploits: 0 | References: 4

Prion
added 2007/12/31 8:46 p.m. | 12 views

Improper access control

Hot or Not Clone has insufficient access control for producing and reading database backups, which allows remote attackers to obtain the administrator username and password via a direct request to control/backup/backup.php, which generates a backup/dump/backup.sql file that can be downloaded via ...

CVSS: 5 | AI score: 7.4 | EPSS: 0.02857
Exploits: 0 | References: 4

Cvelist
added 2007/12/31 8:0 p.m. | 23 views

CVE-2007-6603

Hot or Not Clone has insufficient access control for producing and reading database backups, which allows remote attackers to obtain the administrator username and password via a direct request to control/backup/backup.php, which generates a backup/dump/backup.sql file that can be downloaded via ...

AI score: 6.8 | EPSS: 0.02857
Exploits: 0 | References: 4

CVE
added 2007/12/31 8:0 p.m. | 57 views

CVE-2007-6603

CVE-2007-6603 affects Hot or Not Clone. The issue is insufficient access control for producing/reading database backups: an attacker can trigger control/backup/backup.php to generate a backup.sql and then download it via control/downloadfile.php, exposing administrator credentials. The NVD entry ...

CVSS: 5 | AI score: 6.8 | EPSS: 0.02857
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2007/01/04 10:28 p.m. | 14 views

CVE-2007-0058

Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.02489
Exploits: 0 | References: 5

Prion
added 2007/01/04 10:28 p.m. | 13 views

Authentication flaw

Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.02489
Exploits: 0 | References: 5 | Affected Software: 1