
1284 matches found

Prion
added 2007/11/10 2:46 a.m. | 14 views

Improper access control

MyWebFTP, possibly 5.3.2, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain an MD5 password hash via a direct request for pass/pass.txt...

CVSS 5 | AI score 7.1 | EPSS 0.01218
Exploits: 0 | References: 4

Prion
added 2007/11/01 4:46 p.m. | 13 views

Improper access control

Micro Login System 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a password via a direct request for userpwd.txt...

CVSS 5 | AI score 7.1 | EPSS 0.01256
Exploits: 0 | References: 5 | Affected Software: 1

Prion
added 2007/11/01 4:46 p.m. | 18 views

Improper access control

Blue-Collar Productions i-Gallery 3.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a base64-encoded password via a direct request for igallery.mdb...

CVSS 5 | AI score 7.1 | EPSS 0.01205
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2007/10/30 11:46 p.m. | 12 views

Unrestricted file upload

Unrestricted file upload vulnerability in component/upload.jsp in Korean GHBoard allows remote attackers to upload arbitrary files via unspecified vectors, probably involving a direct request...

CVSS 7.5 | AI score 7.4 | EPSS 0.02385
Exploits: 1 | References: 4

Cvelist
added 2007/10/30 11:0 p.m. | 19 views

CVE-2007-5737

Unrestricted file upload vulnerability in component/upload.jsp in Korean GHBoard allows remote attackers to upload arbitrary files via unspecified vectors, probably involving a direct request...

AI score 6.9 | EPSS 0.02385
Exploits: 1 | References: 4

Cvelist
added 2007/10/20 10:0 a.m. | 13 views

CVE-2003-1401

login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request...

AI score 6.2 | EPSS 0.01757
Exploits: 1 | References: 3

Cvelist
added 2007/10/20 10:0 a.m. | 19 views

CVE-2003-1403

foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function...

AI score 6.1 | EPSS 0.01477
Exploits: 1 | References: 4

Prion
added 2007/10/14 6:17 p.m. | 16 views

Path traversal

CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full path via a direct request for unspecified files...

CVSS 5 | AI score 6.9 | EPSS 0.01205
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2007/10/06 5:17 p.m. | 10 views

Improper access control

ASP-CMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request for mdb-database/ASP-CMSv100.mdb...

CVSS 5 | AI score 7.1 | EPSS 0.01064
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2007/09/27 7:0 p.m. | 24 views

CVE-2007-4873

SimpNews 2.41.03 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc...

AI score 6.4 | EPSS 0.01491
Exploits: 1 | References: 7

Prion
added 2007/09/24 10:17 p.m. | 16 views

Improper access control

Adam Scheinberg Flip 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing login credentials via a direct request for var/users.txt...

CVSS 5 | AI score 6.9 | EPSS 0.06243
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2007/09/21 7:17 p.m. | 15 views

Improper access control

dBlog CMS, probably 2.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for dblog.mdb...

CVSS 5 | AI score 7.1 | EPSS 0.02527
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2007/09/18 7:17 p.m. | 13 views

CVE-2007-4937

CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php...

CVSS 5 | AI score 6.5 | EPSS 0.02581
Exploits: 1 | References: 5

Prion
added 2007/09/18 7:17 p.m. | 15 views

Improper access control

CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php...

CVSS 5 | AI score 7 | EPSS 0.02581
Exploits: 1 | References: 5

Cvelist
added 2007/08/03 9:0 p.m. | 16 views

CVE-2007-4157

PHPBlogger stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for data/pref.db. NOTE: this can be easily leveraged for administrative access because composing...

AI score 6.7 | EPSS 0.02312
Exploits: 0 | References: 6

Prion
added 2007/07/15 10:30 p.m. | 11 views

Improper access control

Dvbbs 7.1.0 SP1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Data/Dvbbs7.mdb...

CVSS 7.8 | AI score 6.9 | EPSS 0.0142
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2007/07/06 7:30 p.m. | 12 views

Authentication flaw

admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act parameter...

CVSS 9.3 | AI score 7.3 | EPSS 0.03268
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2007/07/04 3:30 p.m. | 10 views

Improper access control

Liesbeth base CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an include file containing account credentials via a direct request for config.inc...

CVSS 5 | AI score 6.9 | EPSS 0.03017
Exploits: 0 | References: 6

NVD
added 2007/07/04 3:30 p.m. | 10 views

CVE-2007-3556

Liesbeth base CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an include file containing account credentials via a direct request for config.inc...

CVSS 5 | AI score 6.4 | EPSS 0.03017
Exploits: 0 | References: 6

Cvelist
added 2007/07/04 3:0 p.m. | 19 views

CVE-2007-3556

Liesbeth base CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an include file containing account credentials via a direct request for config.inc...

AI score 6.4 | EPSS 0.03017
Exploits: 0 | References: 6