890 matches found
CVE-2006-4772
HotPlug CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password and database credentials via a direct request for includes/class/config.inc...
CVE-2006-2946
CVE-2006-2946 affects Dmx Forum 2.1a, where the file path _includes/bd.inc is stored under the web root with insufficient access control. This allows remote attackers to access the database credentials (username and password). The NVD entry notes a network attack with low complexity and a partial...
[Full-disclosure] [Info Disclosure] Diesel PHP Job Site Latest Version
Subject: Info Disclosure Diesel PHP Job Site Latest Version. Severity: Pretty Bad. Title: Diesel PHP Job Site Latest Version Information Disclosure. Home Page: http://www.dieselscripts.com/ Product Page: http://www.dieselscripts.com/diesel-job-site.html Date: May 17, 2006. Synopsis: When an...
adv28-K-159-2006.txt
ECHOADV28$2006: Clever Copy = 3.0 Connect.inc Critical Information Disclosure...
Improper access control
Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via a direct request for connect.inc...
CVE-2002-1886
TightAuction 3.0 is affected by an access-control misconfiguration where config.inc is stored under the web document root, allowing remote attackers to obtain the database username and password. The root cause is insufficient access control on the configuration file. Current documents do not spec...
CVE-2005-2029
amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file...
CVE-2004-1758
BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges...
[UNIX] MyCart Discloses Settings Information to Remote Users
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
CVE-2004-2323
DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config...
pmc.pl.txt
Security Group. phpMyChat remote sploit by sysbug C:\Perl\binperl pmc.pl www.kublooddrive.com /chat / Mysql dump : CDBHOST : localhost CDBNAME : jhawkpchat1 CDBUSER : jhawkpchat1 CDBPASS : vvejTjeLgB Adding Admin .... login:jhawk pwd:owned /...
phpMyChat 0.14.5 - Remote Improper File Permissions
Security Group. phpMyChat remote sploit by sysbug C:\Perl\binperl pmc.pl www.kublooddrive.com /chat / Mysql dump : CDBHOST : localhost CDBNAME : jhawkpchat1 CDBUSER : jhawkpchat1 CDBPASS : vvejTjeLgB Adding Admin .... login:jhawk pwd:owned /...
phpMyChat 0.14.5 Remote Improper File Permissions Exploit
No description provided by source. Security Group. phpMyChat remote sploit by sysbug C:\Perl\binperl pmc.pl www.kublooddrive.com /chat / Mysql dump : CDBHOST : localhost CDBNAME : jhawkpchat1 CDBUSER : jhawkpchat1 CDBPASS : vvejTjeLgB Adding...
Debian DSA-335-1 : mantis - incorrect permissions
mantis, a PHP/MySQL web-based bug tracking system, stores the password used to access its database in a configuration file which is world-readable. This could allow a local attacker to read the password and gain read/write access to the database.
MySQL AB ODBC Driver 3.51 - Plain Text Password
source: https://www.securityfocus.com/bid/8245/info A vulnerability has been reported in the MySQL AB ODBC (Open Data Base Connectivity) driver implementation. The MySQL ODBC driver reportedly stores plain text credentials used to connect to the specified database in the system registry. These...
eZ Publish settings/site.ini Configuration Disclosure
eZ Publish, a content management system, is installed on the remote host. A remote attacker can retrieve the file 'settings/site.ini', which contains information such as database name, username, and password. This information could be used to mount further attacks. This version of eZ Publish also...
phpESP (php Easy Survey Package)
Product: phpESP (php Easy Survey Package). Version: 1.11. WebSite: http://acm.jhu.edu Problem: Access in dbase. Description: In the admin directory there exists a file phpEST.ini; if we look at this file we can see the database dbpassword, dblogin, dbhost, dbname and other private info. phpESP.ini...
CVE-2002-1886
TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password...
TightAuction 3.0 - Config.INC Information Disclosure
source: https://www.securityfocus.com/bid/5850/info TightAuction is prone to an information disclosure vulnerability. The configuration file config.inc contains sensitive information such as database authentication credentials. It is possible for remote attackers to retrieve this file via a web...