Lucene search
K

149 matches found

Cvelist
Cvelist
added 2006/11/18 12:0 a.m.29 views

CVE-2006-5970

Verity Ultraseek before 5.7 allows remote attackers to obtain sensitive information via direct requests with 1 a null "%00" terminated url parameter to help/urlstatusgo.html; or missing parameters to 2 help/header.html, 3 help/footer.html, 4 spell.html, 5 coreforma.html, 6 daterange.html, 7...

6.2AI score0.01791EPSS
Exploits0References8
Cvelist
Cvelist
added 2006/11/15 3:0 p.m.25 views

CVE-2006-5905

Web Directory Pro allows remote attackers to 1 backup the database and obtain the backup via a direct request to admin/backupdb.php or 2 modify configuration via a direct request to admin/options.php...

6.7AI score0.01451EPSS
Exploits0References5
Cvelist
Cvelist
added 2006/10/18 10:0 a.m.17 views

CVE-2006-5381

Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to 1 dbmsql.inc, 2 dbmssql.inc, 3 dbmysqli.inc, 4 dboci8.inc, 5 dbodbc.inc, 6 dboracle.inc, 7 dbpgsql.in...

6.3AI score0.01118EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2006/10/02 8:0 p.m.32 views

CVE-2006-5117

phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files...

5CVSS6AI score0.0136EPSS
Exploits0
NVD
NVD
added 2006/09/26 2:7 a.m.12 views

CVE-2006-4986

Grayscale BandSite CMS allows remote attackers to obtain sensitive information via a direct request for 1 certain files in the includes/content directory, 2 includes/showspreview.php, and 3 adminpanel/configform.php; and files in adminpanel/includes/ including 4 mailinglist/disphtmltbl.php, 5...

5CVSS6.2AI score0.01445EPSS
Exploits1References4
CVE
CVE
added 2006/09/26 1:43 a.m.44 views

CVE-2006-4986

CVE-2006-4986 affects Grayscale BandSite CMS. The connected documents confirm an information-disclosure vulnerability: an attacker can remotely obtain sensitive data by directly requesting a wide range of files across the site, including (1) files in includes/content, (2) includes/shows_preview.p...

5CVSS6.6AI score0.01445EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2006/09/13 10:7 p.m.2 views

DEBIAN-CVE-2006-4743

WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for 1 404.php, 2 akismet.php, 3 archive.php, 4 archives.php, 5 attachment.php, 6 blogger.php, 7 comments.php, 8 comments-popup.php, 9 dotclear.php, 10 footer.php, 11 functions.php, 12...

5CVSS6.7AI score0.02411EPSS
Exploits0References1
Cvelist
Cvelist
added 2006/07/10 8:0 p.m.15 views

CVE-2006-3483

PHPMailList 1.8.0 stores sensitive information under the web document root iwth insufficient access control, which allows remote attackers to obtain email addresses of subscribers, configuration information, and the admin username and password via direct requests to 1 list.dat or 2 mlconfig.dat...

6.5AI score0.01366EPSS
Exploits0References4
Prion
Prion
added 2006/04/25 1:2 a.m.18 views

Improper access control

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests...

5CVSS6.9AI score0.02402EPSS
Exploits1References11Affected Software1
Cvelist
Cvelist
added 2006/04/25 1:0 a.m.22 views

CVE-2006-0232

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests...

6.4AI score0.02402EPSS
Exploits1References11
OSV
OSV
added 2006/03/03 11:2 a.m.2 views

DEBIAN-CVE-2006-0986

WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive information via a direct request to 1 default-filters.php, 2 template-loader.php, 3 rss-functions.php, 4 locale.php, 5 wp-db.php, and 6 kses.php in the wp-includes/ directory; and 7 edit-form-advanced.php, 8...

5CVSS6.6AI score0.03206EPSS
Exploits1References1
Cvelist
Cvelist
added 2006/02/15 11:0 a.m.23 views

CVE-2006-0697

Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests...

6.8AI score0.05237EPSS
Exploits0References3
CVE
CVE
added 2006/02/15 11:0 a.m.48 views

CVE-2006-0697

Zen Cart before 1.2.7 is affected by CVE-2006-0697 due to insufficient protection of the admin/includes directory. The vulnerability, described in the NVD entry, allows remote attackers to trigger unknown impact via unspecified vectors (likely direct requests) with a CVSS v2 base score of 10.0 (H...

10CVSS6.8AI score0.05237EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2006/01/11 9:0 p.m.19 views

CVE-2006-0174

Hummingbird Collaboration aka Hummingbird Enterprise Collaboration 5.21 and earlier allows remote attackers to obtain sensitive information intranet IP addresses and enumerations of valid parameter values via a direct request to hc, which reveals the information in an error message or a cookie...

6.2AI score0.02816EPSS
Exploits1References7
Cvelist
Cvelist
added 2005/12/21 10:0 p.m.30 views

CVE-2005-4463

WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to 1 wp-includes/vars.php, 2 wp-content/plugins/hello.php, 3 wp-admin/upgrade-functions.php, 4 wp-admin/edit-form.php, 5 wp-settings.php, and 6 wp-admin/edit-form-comment.php, which leaks the path ...

5.8AI score0.03308EPSS
Exploits1References6
NVD
NVD
added 2005/12/05 1:3 a.m.15 views

CVE-2005-4006

SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files 1 insertfile.php, 2 insertimage.php, 3 insertlink.php, 4 insertqcfile.php, and 5 edit.php...

7.5CVSS7AI score0.0181EPSS
Exploits0References6
Cvelist
Cvelist
added 2005/12/05 1:0 a.m.22 views

CVE-2005-4006

SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files 1 insertfile.php, 2 insertimage.php, 3 insertlink.php, 4 insertqcfile.php, and 5 edit.php...

7AI score0.0181EPSS
Exploits0References6
Cvelist
Cvelist
added 2005/11/22 2:0 a.m.19 views

CVE-2003-1284

Sambar Server before 6.0 beta 6 allows remote attackers to obtain sensitive information via direct requests to the default scripts 1 environ.pl and 2 testcgi.exe...

6.1AI score0.01388EPSS
Exploits0References5
CVE
CVE
added 2005/11/21 11:0 a.m.42 views

CVE-2005-3729

The CVE-2005-3729 issue affects Idetix Software Systems Revize CMS. It allows remote attackers to disclose sensitive information by directly requesting files in the revize/debug directory (examples: apptables.html and main.html). The underlying cause is unauthorized access to debug-area files, le...

5CVSS6.6AI score0.01548EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2005/11/16 11:0 a.m.26 views

CVE-2005-3622

phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory...

5CVSS6.4AI score0.01697EPSS
Exploits0
Rows per page
Query Builder