Logic Flaw Vulnerability in CareyShop of Ningbo Humen Technology Co.

CareyShop is a high-performance open source mall framework system based on ThinkPHP framework development. Ningbo Humen Technology Co. CareyShop has a logic flaw vulnerability that can be exploited by an attacker to read the database configuration file...

xiycms backend has arbitrary file read vulnerability

xiycms is an open source and free enterprise content management system. xiycms backend has an arbitrary file read vulnerability. An attacker can exploit the vulnerability to read the database configuration file...

CVE-2019-19018

An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using...

Jfinal cms back-end template management system exists arbitrary file read vulnerability

Jfinal cms uses JFinal as a web framework , template engine with beetl, database with mysql, front-end bootstrap, flat ui and other frameworks. Jfinal cms back-end template management system there are arbitrary file reading vulnerability. Attackers can use this vulnerability to read the database...

Arbitrary File Read Vulnerability in iWebShop

iWebShop open source mall system is a PHP language and MYSQL database based on the development of B2B2C single-user and multi-user open source mall system . The system is divided into front-end , back-office and merchant . iWebShop arbitrary file read vulnerability , an attacker can use the...

Chamilo 1.8.7 / Dokeos 1.8.6 - Remote File Disclosure

No description provided by source. Title: Chamilo 1.8.7 / Dokeos 1.8.6 Remote File Disclosure Date: 2011/01/31 Author: beford Software Link: http://www.dokeos.com/download/dokeos-1.8.6.1.zip http://chamilo.googlecode.com/files/chamilo-1.8.7.1-stable.tar.gz Affected products ================= Doke...

Atmail Email Server WebAdmin Control Panel dbconfig.ini Information Disclosure

The remote web server hosts a version of Atmail Webmail that fails to properly restrict access to its database configuration file. A remote, unauthenticated attacker could obtain database connection information and then leverage this data to assist in further attacks. %NASLMINLEVEL 70300 C Tenabl...

dede 0day exploit tips-vulnerability warning-the black bar safety net

By: the zafe Encountered can write non-executable, the executable is not writable by the station maybe used on the dede:phpcopy'../data/common.inc.php','../data/cache/test.txt';/dede:php 然后 去 xxx.com/data/cache/test.txt 看 数据库 信息 If is a root then happy. If you are a regular user, first see what a...

Chamilo 1.8.7 / Dokeos 1.8.6 Remote File Disclosure

Exploit for php platform in category web applications Title: Chamilo 1.8.7 / Dokeos 1.8.6 Remote File Disclosure Date: 2011/01/31 Author: beford Software Link: http://www.dokeos.com/download/dokeos-1.8.6.1.zip http://chamilo.googlecode.com/files/chamilo-1.8.7.1-stable.tar.gz Affected products...

Sulata iSoft (stream.php)local file inclusion vulnerability-vulnerability warning-the black bar safety net

Vulnerability type: a file that contains Vulnerability description: the stream. php download function to the path the filter is not strict, resulting in a local loading for any file with vulnerabilities. Vulnerability analysis: stream.php ..... //the includeonce"../home/library.php"; the...