Improper access control

E-membres 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/bdEMembres.mdb...

CVE-2010-1064

Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb...

CVE-2010-1066

AR Web Content Manager AWCM 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for control/dbbackup.php...

Improper access control

Acidcat CMS 3.5.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for databases/acidcat3.mdb...

Improper access control

KMSoft Guestbook aka GBook 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb...

Improper access control

PD PORTAL 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb...

CVE-2010-0977

PD PORTAL 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb...

Improper access control

Jevci Siparis Formu Scripti stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for siparis.mdb...

CVE-2010-0123

The database backup implementation in Employee Timeclock Software 0.99 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a "semi-predictable file name."...

Improper access control

fipsForum 2.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/forumFips.mdb...

CVE-2010-0682

WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter...

Design/Logic Flaw

WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter...

CVE-2010-0681

ZeusCMS 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for admin/backup.sql...

Improper access control

StatCounteX 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for path/stats.mdb...

Improper access control

JAG Just Another Guestbook 1.14 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for jag/database.sql...

phpBazar 'classified.php' SQL Injection Vulnerability

The host is running phpBazar and is prone to SQL Injection vulnerability. OpenVAS Vulnerability Test $Id: gbphpbazarsqlinjvuln.nasl 5323 2017-02-17 08:49:23Z teissa $ phpBazar 'classified.php' SQL Injection Vulnerability Authors: Antu Sanadi Copyright: Copyright c 2010 Greenbone Networks GmbH,...

CVE-2010-0390

Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extensio...

Unrestricted file upload

Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extensio...

CVE-2010-0366

Multiple unrestricted file upload vulnerabilities in 1 register.php and 2 addvideo.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a...

CVE-2009-4585

UranyumSoft Listing Service stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/db.mdb...