Lucene search
K

1284 matches found

UbuntuCve
UbuntuCve
added 2007/06/12 11:30 p.m.29 views

CVE-2007-3191

Just For Fun Network Management System JFFNMS 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function...

9.4CVSS5.9AI score0.08383EPSS
Exploits1References1
Prion
Prion
added 2007/06/12 11:30 p.m.18 views

Information disclosure

Just For Fun Network Management System JFFNMS 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function...

9.4CVSS6.5AI score0.08383EPSS
Exploits1References7Affected Software1
UbuntuCve
UbuntuCve
added 2007/06/12 11:30 p.m.21 views

CVE-2007-3192

admin/setup.php in Just For Fun Network Management System JFFNMS 0.8.3 allows remote attackers to read and modify configuration settings via a direct request...

9.4CVSS6AI score0.03556EPSS
Exploits1References1
NVD
NVD
added 2007/06/12 11:30 p.m.21 views

CVE-2007-3191

Just For Fun Network Management System JFFNMS 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function...

9.4CVSS6.2AI score0.08383EPSS
Exploits1References7
Cvelist
Cvelist
added 2007/06/12 11:0 p.m.19 views

CVE-2007-3192

admin/setup.php in Just For Fun Network Management System JFFNMS 0.8.3 allows remote attackers to read and modify configuration settings via a direct request...

6.3AI score0.03556EPSS
Exploits1References5
Prion
Prion
added 2007/06/11 6:30 p.m.14 views

Improper access control

Zen Help Desk 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for ZenHelpDesk.mdb...

5CVSS7.1AI score0.01213EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2007/06/11 6:0 p.m.20 views

CVE-2007-3146

Zen Help Desk 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for ZenHelpDesk.mdb...

6.5AI score0.01213EPSS
Exploits0References4
NVD
NVD
added 2007/06/06 10:30 a.m.14 views

CVE-2007-3083

Z-Blog 1.7 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for zblog.mdb...

7.8CVSS6.3AI score0.01464EPSS
Exploits0References5
Prion
Prion
added 2007/06/06 10:30 a.m.15 views

Improper access control

Z-Blog 1.7 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for zblog.mdb...

7.8CVSS6.9AI score0.01464EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2007/06/06 10:0 a.m.21 views

CVE-2007-3083

Z-Blog 1.7 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for zblog.mdb...

6.3AI score0.01464EPSS
Exploits0References5
Prion
Prion
added 2007/06/01 1:30 a.m.13 views

Improper access control

Techno Dreams Web Directory / Search Engine 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database.mdb...

7.8CVSS6.9AI score0.0169EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2007/06/01 1:30 a.m.13 views

CVE-2007-2979

Techno Dreams Web Directory / Search Engine 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database.mdb...

7.8CVSS6.3AI score0.0169EPSS
Exploits0References6
Prion
Prion
added 2007/05/31 12:30 a.m.16 views

Improper access control

RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb...

5CVSS6.9AI score0.01444EPSS
Exploits0References6
Prion
Prion
added 2007/05/31 12:30 a.m.16 views

Improper access control

WabCMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/wabcmsn.mdb. NOTE: this issue was originally reported for "webCMS," but this was an error by an unreliable researcher...

5CVSS6.8AI score0.01256EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2007/05/31 12:0 a.m.20 views

CVE-2007-2945

RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb...

6.3AI score0.01444EPSS
Exploits0References6
Prion
Prion
added 2007/05/17 8:30 p.m.12 views

Improper access control

RunawaySoft Haber portal 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/xice.mdb...

5CVSS6.9AI score0.05159EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2007/05/17 8:0 p.m.20 views

CVE-2007-2753

RunawaySoft Haber portal 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/xice.mdb...

6.3AI score0.05159EPSS
Exploits0References2
Prion
Prion
added 2007/05/11 5:19 p.m.9 views

Design/Logic Flaw

Bradford CampusManager Network Control Application Server 3.16 allows remote attackers to obtain sensitive information backup, log, and configuration files via direct request for certain files in 1 /runTime/ or 2 /remediationReports/...

7.8CVSS6.8AI score0.0169EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2007/05/11 10:0 a.m.13 views

CVE-2007-2595

RSAuction 2.73.1.3 allows remote authenticated users to move their own account status from Suspended to Active via a direct request for the activation URL that is provided at the time of account registration. NOTE: the provenance of this information is unknown; the details are obtained solely fro...

6AI score0.01108EPSS
Exploits0References4
Prion
Prion
added 2007/04/30 11:19 p.m.15 views

Design/Logic Flaw

admin/sendmod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier prints a Location header but does not exit when administrative credentials are missing, which allows remote attackers to compose an e-mail message via a post with the subject, message, format, and listid fields; and send...

10CVSS7.2AI score0.08201EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder