ZDI-07-060: HP OpenView Radia Integration Server File System Exposure Vulnerability
ZDI-07-060: HP OpenView Radia Integration Server File System Exposure Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-060.html October 23, 2007 -- CVE ID: CVE-2007-5413 -- Affected Vendor: Hewlett-Packard -- Affected Products: HP OpenView Radia Integration Server -- TippingPointT...
Hewlett-Packard OpenView Radia Integration Server File System Exposure Vulnerability
This vulnerability allows remote attackers to access arbitrary files on systems with vulnerable installations of Hewlett-Packard OpenView Radia Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server bound by default to TCP...
FreeBSD : drupal --- multiple vulnerabilities (9c00d446-8208-11dc-9283-0016179b2dd5)
The Drupal Project reports: In some circumstances Drupal allows user-supplied data to become part of response headers. As this user-supplied data is not always properly escaped, this can be exploited by malicious users to execute HTTP response splitting attacks which may lead to a variety of...
PHP JackKnife 2.21 - '(PHPJK) G_Display.php?iCategoryUnq' SQL Injection
source: https://www.securityfocus.com/bid/24253/info PHP JackKnife is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the...
cpcommerce < v1.1.0 [sql injection]
vendor site:http://cpcommerce.cpradio.org/ product:cpcommerce v1.1.0 bug: sql injection risk : high note:works regardless of php.ini settings . http://127.0.0.1/cpcommerce/manufacturer.php?idmanufacturer=-9//union//select//pass,LOADFILE0x2F6574632F706173737764,0//from//cpAccounts/ //result:...
Improper access control
Capital Request Forms stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for inc/common_db.inc...
CVE-2007-0880
Capital Request Forms stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for inc/common_db.inc...
CVE-2007-0880
CVE-2007-0880 describes an access-control flaw where the application stores sensitive information under the web root, enabling remote attackers to retrieve database credentials by directly requesting inc/common_db.inc. The document set confirms the affected vector as an unauthenticated direct req...
CVE-2007-0792
The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file...
Design/Logic Flaw
download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials...
CVE-2007-0659
download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials...
TorrentFlux 2.2 Database Credentials Exposure Exploit
No description provided by source. Description: TorrentFlux fails to sanitise the variable "alias" in downloaddetails.php. This allows an attacker to include any file they want; the contents are displayed in the spaces provided and the remaining data is displayed as error messages on the page...
CVE-2006-6254
administration/telecharger.php in Cahier de texte 2.0 allows remote attackers to obtain unparsed content source code of files via the chemin parameter, as demonstrated using directory traversal sequences to obtain the MySQL username and password from conncahierdetexte.php. NOTE: it is not clear...
CVE-2006-5381
Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to 1 dbmsql.inc, 2 dbmssql.inc, 3 dbmysqli.inc, 4 dboci8.inc, 5 dbodbc.inc, 6 dboracle.inc, 7 dbpgsql.in...
CVE-2006-5381
CVE-2006-5381: Contenido CMS stores sensitive data under the web root with insufficient access control, enabling remote attackers to obtain database credentials and other information via direct requests to 8 files in the conlib/ directory (db_msql.inc, db_mssql.inc, db_mysqli.inc, db_oci8.inc, db...
CVE-2006-4772
HotPlug CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password and database credentials via a direct request for includes/class/config.inc...