1284 matches found
Code injection
Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the 1 title or 2 date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance of this information is...
CVE-2008-6147
ForumApp 3.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 1 data/8690.mdb or 2 data/8690BAK.mdb...
Improper access control
ForumApp 3.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 1 data/8690.mdb or 2 data/8690BAK.mdb...
CVE-2009-0571
admin.php in Ninja Designs Mailist 3.0 stores backup copies of maillist.php under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the backup directory...
Information disclosure
Online Grades 3.2.4 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function...
Improper access control
Virtual GuestBook vgbook 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to guestbook.mdb...
CVE-2009-0498
Virtual GuestBook vgbook 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to guestbook.mdb...
CVE-2009-0498
Virtual GuestBook vgbook 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to guestbook.mdb...
Unrestricted file upload
Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory...
CVE-2008-6084
Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory...
CVE-2008-6051
MetaCart Free stores metacart.mdb under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords via a direct request...
Improper access control
PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request...
Improper access control
MetaCart Free stores metacart.mdb under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords via a direct request...
Improper access control
PreProjects Pre E-Learning Portal stores dbelearning.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request...
Improper access control
Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request...
Improper access control
PreProjects Pre Classified Listings stores pclasp.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request...
CVE-2008-6051
MetaCart Free stores metacart.mdb under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords via a direct request...
Design/Logic Flaw
Chipmunk Blogger Script allows remote attackers to gain administrator privileges via a direct request to admin/reguser.php. NOTE: this is only a vulnerability when the administrator does not properly follow installation directions...
Unrestricted file upload
Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a users editProfile action, then accessing this file...
CVE-2009-0372
Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a users editProfile action, then accessing this file...