CVE-2010-3909

Incomplete blacklist vulnerability in config.template.php in vtiger CRM before 5.2.1 allows remote authenticated users to execute arbitrary code by using the draft save feature in the Compose Mail component to upload a file with a .phtml extension, and then accessing this file via a direct reques...

Improper access control

Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb...

Information disclosure

Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to info.php, which calls the phpinfo function...

CVE-2009-4961

Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to info.php, which calls the phpinfo function...

CVE-2010-2685

siteadmin/adduser.php in Customer Paradigm PageDirector CMS does not properly restrict access, which allows remote attackers to bypass intended restrictions and add administrative users via a direct request...

CVE-2010-2116

The web interface in McAfee Email Gateway formerly IronMail 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do...

CVE-2009-4876

admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify arbitrary pages via a direct request using the cid parameter...

CVE-2009-4876

CVE-2009-4876 affects Netrix CMS 1.0, where admin/cikkform.php can be abused to modify arbitrary pages via a direct request using the cid parameter. The vulnerability allows remote modification without authentication according to the description. No exploitation details or patch information are p...

CVE-2009-4876

admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify arbitrary pages via a direct request using the cid parameter...

Improper access control

Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb...

Information disclosure

Wolfram Research webMathematica allows remote attackers to obtain sensitive information via a direct request to the MSP script, which reveals the installation path in an error message...

Unrestricted file upload

Unrestricted file upload vulnerability in Element-IT Ultimate Uploader 1.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/...

Improper access control

Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 1 artiklerprod.mdb or 2 medlemmer.mdb...

CVE-2009-4799

Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 1 artiklerprod.mdb or 2 medlemmer.mdb...

Improper access control

CNR Hikaye Portal 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/hikaye.mdb...

CVE-2010-1334

Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory, a different...

CVE-2010-0993

Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified...

Improper access control

Winn ASP Guestbook 1.01 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/guestbook.mdb...

Improper access control

LookMer Music Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for dbmdb/LookMerSarkiMDB.mdb...

Improper access control

Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb...