626 matches found
PHP-Board 1.0 - User Password Disclosure
source: https://www.securityfocus.com/bid/6862/info php-board user information is stored in flat files on the system hosting the software. Access to the files via the web is not sufficiently restricted. Remote attackers may request user files and gain access to php-board user and administrative...
[UNIX] ADP Forum Security Vulnerabilities
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion When was the last time you checked your server's security? How about a monthly report? http://www.AutomatedScanning.com - Know that you're...
CVE-2002-0614
PHP-Survey 20000615 and earlier stores the global.inc file under the web root, which allows remote attackers to obtain sensitive information, including database credentials, if .inc files are not preprocessed by the server...
PHP 4.x session spoofing
Hi, +-------------------+ | What are sessions | +-------------------+ A session ID is required to identify people. It is passed over to the browser and then is either part of the url or is stored as a cookie. With every request the browser also sends this ID over to the server which makes is...
Дырка в The Bat! (обратный путь в директориях)
Если The Bat! сконфигурирован на отдельное хранение вложенных файлов, если имя файла зашифровано согласно RFC 2047 base 64 или Quoted Printable и содержит '..' то файл будет помещен в директорию более высокого уровня, что позволяет сохранить файл в любой каталог на том же диске...
CVE-2000-0575
SSH 1.2.27 with Kerberos authentication support stores Kerberos tickets in a file which is created in the current directory of the user who is logging in, which could allow remote attackers to sniff the ticket cache if the home directory is installed on NFS...