34 matches found
CVE-2008-6756
ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file...
CVE-2007-0792
The modperl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file...
TorrentFlux 2.2 Arbitrary File Creation/Overwrite/Deletion & Command Execution Vulnerabilities
r0ut3r Presents... Another r0ut3r discovery! TorrentFlux 2.2 Arbitrary File Creation/Overwrite/Deletion & Command Execution Vulnerabilities Software: TorrentFlux 2.2 Vendor: http://www.torrentflux.com/ Released: 2006/11/15...
Improper access control
Dmx Forum 2.1a stores includes/bd.inc under the web root with insufficient access control, which allows remote attackers to obtain database username and password information...
CVE-2006-2946
Dmx Forum 2.1a stores includes/bd.inc under the web root with insufficient access control, which allows remote attackers to obtain database username and password information...
CVE-2006-1718
Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via a direct request for connect.inc...
CVE-2005-2571
FunkBoard 0.66CF, and possibly earlier versions, does not properly restrict access to the (1) admin/mysqlinstall.php and (2) admin/pginstall.php scripts, which allows attackers to obtain the database username and password or inject arbitrary PHP code into info.php...
gravityBad.txt
4.22 07/08/2005 Gravity Board X v1.1 possibly prior versions Remote code execution, SQL Injection / Login Bypass, cross site scripting, path disclosure poc software: author site: http://www.gravityboardx.com/ a Sql Injection / Login Bypass: A user can bypass login check and grant administrator...
WebChat 2.0 - 'users.php' Database Username Disclosure
WebChat 2.0 - 'users.php' Database Username Disclosure source: https://www.securityfocus.com/bid/7777/info WebChat has been reported prone to a database username disclosure weakness. The issue presents itself when a malicious request is made for the WebChat 'users.php' page. An attacker may pass a...
WebChat 2.0 - 'users.php' Database Username Disclosure
source: https://www.securityfocus.com/bid/7777/info WebChat has been reported prone to a database username disclosure weakness. The issue presents itself when a malicious request is made for the WebChat 'users.php' page. An attacker may pass a guessed username as a specific URI parameter to the...
CVE-2002-0580
WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which leaks the username in a form and allows the attacker to more easily conduct brute force password guessing attacks...
CVE-2002-0580
The CVE-2002-0580 entry concerns WorkforceROI Xpede 4.1. The provided materials indicate that remote attackers can obtain the database username by requesting datasource.asp, which leaks the username in a form. This exposure can facilitate easier brute-force password guessing attacks against the d...