1284 matches found
CVE-2008-6870
Merlix Educate Server allows remote attackers to bypass intended security restrictions and obtain sensitive information via a direct request to 1 config.asp and 2 users.asp...
Improper access control
Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request...
Improper access control
Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini...
CVE-2008-6869
Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini...
Design/Logic Flaw
system/message.php in Admin News Tools 2.5 does not properly restrict access, which allows remote attackers to post news messages via a direct request...
CVE-2009-2558
system/message.php in Admin News Tools 2.5 does not properly restrict access, which allows remote attackers to post news messages via a direct request...
Information disclosure
WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message...
Improper access control
The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing usernames and passwords via a direct request for dvr.ini...
CVE-2009-2274
The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to 1 lanstatusadv.asp, 2 wlanbasiccfg.asp, or 3 lancfg.asp in en/, related to use of JavaScript to protect against reading file contents...
Design/Logic Flaw
Elvin 1.2.0 allows remote attackers to read the PHP source code of 1 login.ei, 2 jumpbug.ei, or 3 createaccount.ei in inc/ via a direct request...
CVE-2009-2130
Elvin 1.2.0 allows remote attackers to read the PHP source code of 1 login.ei, 2 jumpbug.ei, or 3 createaccount.ei in inc/ via a direct request...
Authentication flaw
admin/options.php in Grestul 1.2 does not properly restrict access, which allows remote attackers to bypass authentication and create administrative accounts via a manageadmin action in a direct request...
Improper access control
fipsCMS Light 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain sensitive information via a direct request for fipsdb/db.mdb...
Improper access control
Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain usernames and passwords via a direct request for zHk8dEes3.txt...
CVE-2009-2022
fipsCMS Light 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain sensitive information via a direct request for fipsdb/db.mdb...
CVE-2009-2022
fipsCMS Light 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain sensitive information via a direct request for fipsdb/db.mdb...
CVE-2009-2024
Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain usernames and passwords via a direct request for zHk8dEes3.txt...
CVE-2009-1941
PAD Site Scripts 3.6 stores sensitive information under the web document root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for dbbackup.txt...
Improper access control
DMXReady Registration Manager 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for databases/webblogmanager.mdb...
CVE-2009-1821
DMXReady Registration Manager 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for databases/webblogmanager.mdb...