149 matches found
CVE-2006-5970
Verity Ultraseek before 5.7 allows remote attackers to obtain sensitive information via direct requests with 1 a null "%00" terminated url parameter to help/urlstatusgo.html; or missing parameters to 2 help/header.html, 3 help/footer.html, 4 spell.html, 5 coreforma.html, 6 daterange.html, 7...
CVE-2006-5905
Web Directory Pro allows remote attackers to 1 backup the database and obtain the backup via a direct request to admin/backupdb.php or 2 modify configuration via a direct request to admin/options.php...
CVE-2006-5381
Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to 1 dbmsql.inc, 2 dbmssql.inc, 3 dbmysqli.inc, 4 dboci8.inc, 5 dbodbc.inc, 6 dboracle.inc, 7 dbpgsql.in...
CVE-2006-5117
phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files...
CVE-2006-4986
Grayscale BandSite CMS allows remote attackers to obtain sensitive information via a direct request for 1 certain files in the includes/content directory, 2 includes/showspreview.php, and 3 adminpanel/configform.php; and files in adminpanel/includes/ including 4 mailinglist/disphtmltbl.php, 5...
CVE-2006-4986
CVE-2006-4986 affects Grayscale BandSite CMS. The connected documents confirm an information-disclosure vulnerability: an attacker can remotely obtain sensitive data by directly requesting a wide range of files across the site, including (1) files in includes/content, (2) includes/shows_preview.p...
DEBIAN-CVE-2006-4743
WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for 1 404.php, 2 akismet.php, 3 archive.php, 4 archives.php, 5 attachment.php, 6 blogger.php, 7 comments.php, 8 comments-popup.php, 9 dotclear.php, 10 footer.php, 11 functions.php, 12...
CVE-2006-3483
PHPMailList 1.8.0 stores sensitive information under the web document root iwth insufficient access control, which allows remote attackers to obtain email addresses of subscribers, configuration information, and the admin username and password via direct requests to 1 list.dat or 2 mlconfig.dat...
Improper access control
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests...
CVE-2006-0232
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests...
DEBIAN-CVE-2006-0986
WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive information via a direct request to 1 default-filters.php, 2 template-loader.php, 3 rss-functions.php, 4 locale.php, 5 wp-db.php, and 6 kses.php in the wp-includes/ directory; and 7 edit-form-advanced.php, 8...
CVE-2006-0697
Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests...
CVE-2006-0697
Zen Cart before 1.2.7 is affected by CVE-2006-0697 due to insufficient protection of the admin/includes directory. The vulnerability, described in the NVD entry, allows remote attackers to trigger unknown impact via unspecified vectors (likely direct requests) with a CVSS v2 base score of 10.0 (H...
CVE-2006-0174
Hummingbird Collaboration aka Hummingbird Enterprise Collaboration 5.21 and earlier allows remote attackers to obtain sensitive information intranet IP addresses and enumerations of valid parameter values via a direct request to hc, which reveals the information in an error message or a cookie...
CVE-2005-4463
WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to 1 wp-includes/vars.php, 2 wp-content/plugins/hello.php, 3 wp-admin/upgrade-functions.php, 4 wp-admin/edit-form.php, 5 wp-settings.php, and 6 wp-admin/edit-form-comment.php, which leaks the path ...
CVE-2005-4006
SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files 1 insertfile.php, 2 insertimage.php, 3 insertlink.php, 4 insertqcfile.php, and 5 edit.php...
CVE-2005-4006
SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files 1 insertfile.php, 2 insertimage.php, 3 insertlink.php, 4 insertqcfile.php, and 5 edit.php...
CVE-2003-1284
Sambar Server before 6.0 beta 6 allows remote attackers to obtain sensitive information via direct requests to the default scripts 1 environ.pl and 2 testcgi.exe...
CVE-2005-3729
The CVE-2005-3729 issue affects Idetix Software Systems Revize CMS. It allows remote attackers to disclose sensitive information by directly requesting files in the revize/debug directory (examples: apptables.html and main.html). The underlying cause is unauthorized access to debug-area files, le...
CVE-2005-3622
phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory...