110 matches found
osCommerce Unprotected Admin Directory
The installation of osCommerce on the remote host apparently lets anyone access the application's admin directory, which means that they have complete administrative access to the site. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
CVE-2005-1510
PwsPHP 1.2.2 allows remote attackers to obtain sensitive information via a direct request to the admin directory, which reveals the path in an error message...
CVE-2005-1169
Mafia Blog .4 BETA does not properly protect the admin directory, which allows remote attackers to execute arbitrary PHP code by using writeinfo.php to inject the code into info.php...
CVE-2005-1169
CVE-2005-1169 affects the Mafia Blog .4 BETA package, where the admin directory is not properly protected. This allows remote attackers to execute arbitrary PHP code by abusing writeinfo.php to inject code into info.php. The flaw enables arbitrary code execution with no authentication required an...
Qualiteam X-Cart 3.x - Multiple Remote Information Disclosure Vulnerabilities
Qualiteam X-Cart 3.x - Multiple Remote Information Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/9563/info X-Cart has been reported to be prone to an issue that may allow remote attackers to view any web server readable files on the affected system. The issue is caused by a...
JBrowser 1.02.x - Unauthorized Admin Access
JBrowser 1.02.x - Unauthorized Admin Access source: https://www.securityfocus.com/bid/9537/info Due to a lack of access validation to the 'admin' directory, malevolent users may be able to execute arbitrary admin scripts. This may allow a malicious user to upload arbitrary files to the affected...
ASP-DEV Discussion Forum 2.0 - Admin Directory Weak Default Permissions
ASP-DEV Discussion Forum 2.0 - Admin Directory Weak Default Permissions source: https://www.securityfocus.com/bid/8172/info It has been reported that a vulnerability exists in ASP-DEV Discussion Forum that exposes potentially sensitive information. Because of this, an attacker may be able to gain...
ASP-DEV Discussion Forum 2.0 - Admin Directory Weak Default Permissions
source: https://www.securityfocus.com/bid/8172/info It has been reported that a vulnerability exists in ASP-DEV Discussion Forum that exposes potentially sensitive information. Because of this, an attacker may be able to gain access to user credentials. User credentials are stored in the...
phpESP (php Easy Survey Package)
Product : phpESP php Easy Survey Package Version : 1.11 WebSite : http://acm.jhu.edu Problem : Access in dbase Description: ------------ In admin directory exist file phpEST.ini if we look this file we can see database dbpassword, dblogin, dbhost, dbname and other private info. phpESP.ini...
Phorum Discussion Board Security Bug (Email Disclosure)
Concerning latest Phorum version 3.3.2 A bug in the PHP based forum script Phorum makes it possible to obtain the email addresses of the 10 most active users. In the 'admin/' directory of the forum there is a script called 'stats.php' that allows administrators and anyone else, since there is no...