EUVD-2007-0080
Malware in sbrugna...
EUVD-2010-1147
Malware in sbrugna...
EUVD-2008-5577
Malware in sbrugna...
CVE-2010-4145
Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb...
CVE-2006-6974
Headstart Solutions DeskPRO stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) list files in the includes/ directory; obtain the SQL username and password via a direct request for (2) config.php and (3) config.php.bak in includes/; rea...
CVE-2005-4859
mimicboard2 Mimic2 086 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mimic2.dat...
ABB Cylon Aspect 3.08.01 Unauthenticated DB Download
Summary: ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description: An unauthenticated vulnerability in ABB Cylon Aspect BMS/BAS allows t...
Dolibarr 16.x < 16.0.5 Database Download
Dolibarr versions 16.x < 16.0.5 suffer from an improper access control vulnerability, allowing a remote and unauthenticated attacker to access the target instance contact database, including public and private notes. No source data...
CVE-2024-25917 WordPress WP Setup Wizard plugin <= 1.0.8.1 - Auth. Full Database Download Vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodeRevolution WP Setup Wizard. This issue affects WP Setup Wizard: from n/a through 1.0.8.1...
SUSE CVE-2007-0078
BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb...
SpinetiX Fusion Digital Signage 3.4.8 Database Backup Disclosure
Summary: At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage as a dynamic new storytelling platform to engage with people. For more than 13 years, we have been constantly innovating to deliver cutting-edge digital signage solutions...
CVE-2020-19005
zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly...
ZKTeco FaceDepot and ZKBiosecurity Server Token Reuse Vulnerability
ZKTeco FaceDepot is a face attendance system. A token reuse vulnerability exists in ZKTeco FaceDepot version 7B 1.0.213 and ZKBiosecurity Server version 1.0.0_20190723, which can be exploited by a remote attacker to submit a special request to create arbitrary users, elevate privileges, and downlo...
CVE-2020-17474
CVE-2020-17474 concerns a token-reuse vulnerability affecting ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723. The connected documents confirm that a token reuse flaw can enable a remote attacker to submit crafted requests to create arbitrary new users, escalate privileges to ...
CVE-2020-10794
Gira TKS-IP-Gateway 4.0.7.7 is affected by an unauthenticated path traversal vulnerability that lets an attacker download the application database. This CVE (CVE-2020-10794) is linked to CVE-2020-10795, which describes authenticated remote code execution via the backup web frontend and could enab...
Arbitrary File Download Vulnerability in School Worry-Free Teacher Evaluation System
The Schoolfree Teacher Evaluation System is a school teaching management system. There is an arbitrary file download vulnerability in the System, which can be exploited by an attacker to download the website database and obtain sensitive information in the database...
CVE-2018-18762
SaltOS 3.1 r8126 contains a database download vulnerability...
Design/Logic Flaw
SaltOS 3.1 r8126 contains a database download vulnerability...