149 matches found
CVE-2016-5898
IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. By sending a direct request, an attacker could exploit this vulnerability to obtain sensitive information...
Tribal Tribiq CMS Path Disclosure Vulnerability
Tribal Tribiq CMS is a content management (CMS) system. A security vulnerability exists in the templatewrap/templatefoot.php, cmsjs/plugin.js.php, and cmsincludes/cmspluginapilink.inc.php scripts of Tribal Tribiq CMS version 5.2.7b and earlier. A remote attacker could exploit the vulnerability by...
CVE-2013-5157
The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon...
DEBIAN-CVE-2013-3370
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request...
UBUNTU-CVE-2011-3727
DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files...
UBUNTU-CVE-2011-3757
Moodle 2.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by webservice/xmlrpc/locallib.php and certain other files...
Improper access control
The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests...
Information disclosure
PowerPhlogger 2.2.5 allows remote attackers to obtain sensitive information via a direct request to (1) edCss.inc.php, (2) foot.inc.php, (3) getcsscolors.inc.php, (4) head.inc.php, (5) headstuff.inc.php, (6) loglist.inc.php, and (7) pphloggersend.inc.php in include/, which reveals the installation path in an...
CVE-2008-7172
Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potddelete, (2) potd, (3) voteupdate, (4) vote, or (5) modifynews actions...
Design/Logic Flaw
Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potddelete, (2) potd, (3) voteupdate, (4) vote, or (5) modifynews actions...
DEBIAN-CVE-2009-2853
WordPress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, and (8) edit-tag-form.php in wp-admin...
CVE-2009-2329
KerviNet Forum 1.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) admin/head.php, or (2) votingdiagram.php, (3) voting.php, (4) topicssearch.php, (5) topicslist.php, (6) toppart.php, (7) quicksearch.php, (8) quickreply.php, (9) modermenu.php, (10) messageslist.php, (11)...
Information disclosure
The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to (1) lanstatusadv.asp, (2) wlanbasiccfg.asp, or (3) lancfg.asp in en/, related to use of JavaScript to protect against reading file contents...
CVE-2009-2274
The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to (1) lanstatusadv.asp, (2) wlanbasiccfg.asp, or (3) lancfg.asp in en/, related to use of JavaScript to protect against reading file contents...
Information disclosure
Cerberus Helpdesk before 4.0 Build 600 allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs...
Improper access control
Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error messages via direct requests to files under LOG/...
Improper access control
The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents...
CVE-2008-1784
Prozilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/...
CVE-2007-4872
SimpNews 2.41.03 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php; or a direct request to (2) admin/dbginfos.php, (3) admin/heading.php, or (4) evsearch.php; which reveals the path in various error messages...
Debian DSA-1374-1 : jffnms - several vulnerabilities
Several vulnerabilities have been discovered in jffnms, a web-based Network Management System for IP networks. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2007-3189 Cross-site scripting (XSS) vulnerability in auth.php, which allows a remote attacker to...