1284 matches found
CVE-2007-3191
Just For Fun Network Management System JFFNMS 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function...
Information disclosure
Just For Fun Network Management System JFFNMS 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function...
CVE-2007-3192
admin/setup.php in Just For Fun Network Management System JFFNMS 0.8.3 allows remote attackers to read and modify configuration settings via a direct request...
CVE-2007-3191
Just For Fun Network Management System JFFNMS 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function...
CVE-2007-3192
admin/setup.php in Just For Fun Network Management System JFFNMS 0.8.3 allows remote attackers to read and modify configuration settings via a direct request...
Improper access control
Zen Help Desk 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for ZenHelpDesk.mdb...
CVE-2007-3146
Zen Help Desk 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for ZenHelpDesk.mdb...
CVE-2007-3083
Z-Blog 1.7 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for zblog.mdb...
Improper access control
Z-Blog 1.7 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for zblog.mdb...
CVE-2007-3083
Z-Blog 1.7 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for zblog.mdb...
Improper access control
Techno Dreams Web Directory / Search Engine 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database.mdb...
CVE-2007-2979
Techno Dreams Web Directory / Search Engine 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database.mdb...
Improper access control
RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb...
Improper access control
WabCMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/wabcmsn.mdb. NOTE: this issue was originally reported for "webCMS," but this was an error by an unreliable researcher...
CVE-2007-2945
RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb...
Improper access control
RunawaySoft Haber portal 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/xice.mdb...
CVE-2007-2753
RunawaySoft Haber portal 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/xice.mdb...
Design/Logic Flaw
Bradford CampusManager Network Control Application Server 3.16 allows remote attackers to obtain sensitive information backup, log, and configuration files via direct request for certain files in 1 /runTime/ or 2 /remediationReports/...
CVE-2007-2595
RSAuction 2.73.1.3 allows remote authenticated users to move their own account status from Suspended to Active via a direct request for the activation URL that is provided at the time of account registration. NOTE: the provenance of this information is unknown; the details are obtained solely fro...
Design/Logic Flaw
admin/sendmod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier prints a Location header but does not exit when administrative credentials are missing, which allows remote attackers to compose an e-mail message via a post with the subject, message, format, and listid fields; and send...