CVE-2008-5886

TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for private/discussion.mdb. NOTE: some of these details are obtained from third part...

CVE-2008-5901

iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for db/iyziforum.mdb. NOTE: some of these details are obtained from third party informatio...

Improper access control

TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for private/discussion.mdb. NOTE: some of these details are obtained from third part...

Improper access control

CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for private/CAArticles.mdb. NOTE: some of these details are obtained from...

Improper access control

The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/quote.mdb. NOTE: some of these details are obtained from third...

Improper access control

CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for private/CARateMySite.mdb. NOTE: some of these details are obtained...

Improper access control

iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for db/iyziforum.mdb. NOTE: some of these details are obtained from third party informatio...

Improper access control

CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for private/CAFreeWallpaper.mdb. NOTE: some of these details are...

Improper access control

CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for private/CADirectory.mdb. NOTE: some of these details are obtained fr...

CVE-2008-5901

iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for db/iyziforum.mdb. NOTE: some of these details are obtained from third party informatio...

CVE-2008-5900

CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for private/CAArticles.mdb. NOTE: some of these details are obtained from...

Plunet BusinessManager 4.1 - pagesUTF8auftrag_job.jsp?Pfad Direct Request Information Disclosure

Plunet BusinessManager 4.1 - pagesUTF8auftragjob.jsp?Pfad Direct Request Information Disclosure...

Plunet BusinessManager 4.1 - 'pagesUTF8/Sys_DirAnzeige.jsp?Pfad' Direct Request Information Disclosure

source: https://www.securityfocus.com/bid/33153/info Plunet BusinessManager is prone to multiple security-bypass and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of a...

Improper access control

myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt...

CVE-2008-5852

Emefa Guestbook 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for guestbook.mdb...

CVE-2008-5853

Chilek Content Management System aka ChiCoMaS 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to 1 obtain database credentials via a direct request for config.inc or 2 read database backups via a request for a backu...

CVE-2008-5855

myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt...

CVE-2008-5852

Emefa Guestbook 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for guestbook.mdb...

Improper access control

Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb...

Improper access control

Simple Text-File Login Script SiTeFiLo 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slogusers.txt...