889 matches found
Blackboard Transact database credentials disclosure
Overview: The Blackboard Transact application contains two vulnerabilities that allow an unauthorized user to access the database credentials. Description: The Blackboard Transact application, previously known as Blackboard Commerce Suite, comes with a utility called BbtsConnectionEdit.exe that is use...
vBulletin Database Credentials Information Disclosure
The version of vBulletin running on the remote host has an information disclosure vulnerability. Requesting 'faq.php' with a search term of 'database' results in the disclosure of the database credentials. An unauthenticated, remote attacker could exploit this to learn the database credentials,...
HP Intelligent Management Center Database Credentials Information Disclosure
HP 3Com IMC is a modular management system designed to integrate the management of devices, services and users. An information disclosure vulnerability has been reported in HP Intelligent Management Center (IMC). A remote attacker may exploit this issue via a specially crafted HTTP request, to...
vBulletin 3.8.6 Credential Disclosure
Versions Affected: 3.8.6 Only! Info: Content publishing, search, security, and more: vBulletin has it all. Whether it's available features, support, or ease-of-use, vBulletin offers the most for your money. Learn more about what makes vBulletin the choice for people who are serious about creating...
WordPress Plugin Firestats - Remote Configuration File Download
Exploit Title: Wordpress firestats remote configuration file download; Date: 2010-07-09; Author: Jelmer de Hen; Software Link: http://firestats.cc/; Version: 1.6.5; Tested on: PHP. Do a simple GET request to this file:...
CVE-2010-0984
Acidcat CMS 3.5.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for databases/acidcat_3.mdb...
CVE-2010-0984
Acidcat CMS up to version 3.5.3 stores sensitive data under the web root with insufficient access control, allowing remote attackers to download a credentials database (databases/acidcat_3.mdb) via a direct request. This causes Confidentiality impact as described in CVE-2010-0984 (NVD): base CVSS...
Jumi Component for Joomla! <= 2.0.5 Backdoor Detection
The version of Joomla! running on the remote host is affected by a backdoor that is part of a trojan installation of Jumi, a third-party component used for including custom code into Joomla!. An unauthenticated, remote attacker can exploit this backdoor, by using specially crafted input to the...
Improper access control
Team PHP PHP Classifieds Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for admin/backup/datadump.sql...
CVE-2008-7069
All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat...
CVE-2008-7080
Team PHP PHP Classifieds Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for admin/backup/datadump.sql...
Design/Logic Flaw
download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php...
CVE-2008-6960
download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php...
DSA-1856-1 mantis - information leak
Bulletin has no description...
MODx config.js.php Information Disclosure
The remote web server is running MODx, an open source content management system. The version of MODx installed on the remote host fails to limit access to the 'core/model/modx/processors/system/config.js.php' script before returning the application's configuration settings, including database...
TikiWiki tiki-graph_formula Remote PHP Code Execution
Name: TikiWiki tiki-graph_formula Remote PHP Code Execution; Description: TikiWiki; Author: Matteo Cantoni, jduck; License: MSF_LICENSE; References: CVE 2007-5423, OSVDB 40478, BID 26006; Privileged: false; Payload: DisableNops = true, 6k. Really...
CVE-2008-6869
Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini...
Design/Logic Flaw
TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini file, which allows local users to obtain obfuscated database credentials by reading this file...