167 matches found
cactushop-mdb.txt
Cactushop V6 allows remote users to download the database which contains creditcard numbers and critical information. The affected carts default installation gives away the path to database file. As a result, an attacker exploiting this vulnerability will be able to obtain detailed private custom...
CVE-2007-1192
Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an admin password hash via a direct request for data/gbconfiguration.dat...
CVE-2007-0152
OhhASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/OhhASP.mdb...
CVE-2007-0152
OhhASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/OhhASP.mdb...
PT-2006-2225 · Php · Php Advanced Transfer Manager
Name of the Vulnerable Software and Affected Versions: PHP Advanced Transfer Manager versions 1.00 through 1.30 Description: The issue allows remote attackers to download sensitive information, including password hashes, due to insufficient access control. This is possible because the sensitive...
CVE-2004-1838
Directory traversal vulnerability in xweb 1.0 allows remote attackers to download arbitrary files via a .. dot dot in the URL...
blogtorrent.txt
Intro ----- Blogtorrent is a collection of PHP scripts which are designed to make it simple to host files for transfer via bittorrent. Whilst it is not normal to report security problems in "preview" releases of software this software was covered prominently upon Slashdot and could be widely used...