CVE-2009-2358

TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini file, which allows local users to obtain obfuscated database credentials by reading this file...

CVE-2009-2358

TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini file, which allows local users to obtain obfuscated database credentials by reading this file...

DEBIAN-CVE-2008-6756

ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file...

CVE-2008-5956

Wbstreet aka PHPSTREET Webboard 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request to connect.inc...

Improper access control

Wbstreet aka PHPSTREET Webboard 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request to connect.inc...

CVE-2008-5956

Wbstreet aka PHPSTREET Webboard 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request to connect.inc...

CVE-2008-5956

CVE-2008-5956 affects Wbstreet (PHPSTREET Webboard) 1.0. The root cause is improper access control that leaves sensitive data under the web root, enabling remote attackers to retrieve database credentials by requesting connect.inc directly. Public references note that the issue has exploitable ch...

QuoteBook (poll.inc) Remote Config File Disclosure Vulnerability

No description provided by source. -----------------------------I AM MUSLIM !!------------------------------ ============================================================================== / \ | | | | / \ | | | | / \ | | | | / \ | || | / \ | | | | / \ | | IN THE NAME OF // \ || || // \ || ||...

BlogHelper (common_db.inc) Remote Config File Disclosure Vulnerability

No description provided by source. ...... Remote Config File Disclosure ---------------------------------------------------- script: BlogHelper download from:http://www.freedville.com/oss/BlogHelper.zip vul: www.site.com/path/commondb.inc ................................ $dbhost = ""; $dbusername...

Improper access control

Chilek Content Management System aka ChiCoMaS 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to 1 obtain database credentials via a direct request for config.inc or 2 read database backups via a request for a backu...

CVE-2008-5853

Chilek Content Management System aka ChiCoMaS 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to 1 obtain database credentials via a direct request for config.inc or 2 read database backups via a request for a backu...

CVE-2008-5853

Chilek Content Management System aka ChiCoMaS 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to 1 obtain database credentials via a direct request for config.inc or 2 read database backups via a request for a backu...

CVE-2008-5853

CVE-2008-5853 affects Chilek Content Management System (ChiCoMaS) 2.0.4 and earlier. The vulnerability arises from storing sensitive information under the web root with insufficient access control, allowing remote attackers to (1) obtain database credentials via a direct request for config.inc, a...

CVE-2008-5107

The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files...

Design/Logic Flaw

The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files...

CVE-2008-5107

The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files...

CVE-2008-5107

CVE-2008-5107 affects Citrix Presentation Server 4.5 and Citrix Desktop Server 1.0. When MSI logging is enabled, the installation process stores database credentials in MSI log files, allowing local users to read them and obtain credentials. Root cause described as the logging process exposing se...

atmail-disclose.txt

!/usr/bin/perl LEGAL: Permission is granted to freely reproduce this document in its entirety under the condition that the contents are not altered in any way. milw0rm IS permitted to add their standard footer: // milw0rm.com / date Permission to view or reproduce this file is NOT granted to any...

Design/Logic Flaw

PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output...

CVE-2008-0297

PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output...