264 matches found
CVE-2004-2608
SmartWebby Smart Guest Book stores SmartGuestBook.mdb aka the "news database" under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the unencrypted username and password of the administrator's account...
CVE-2005-3766
Exponent CMS 0.96.3 and later versions stores sensitive user pages under the web document root with insufficient access control even though certain permissions are specified, which allows attackers to access the pages by browsing uploaded files...
CVE-2005-3766
Exponent CMS 0.96.3 and later versions stores sensitive user pages under the web document root with insufficient access control even though certain permissions are specified, which allows attackers to access the pages by browsing uploaded files...
IIS IDA/IDQ Path Disclosure
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. An attacker may use this flaw to gain more information about the remote host, and hence make more focused attacks. OpenVAS Vulnerability Test $Id:...
CVE-2005-3414
eyeOS 0.8.4 stores usrinfo.xml under the web document root with insufficient access control, which allows remote attackers to obtain user credentials...
CVE-2005-3414
eyeOS 0.8.4 stores usrinfo.xml under the web document root with insufficient access control, which allows remote attackers to obtain user credentials...
CVE-2005-2443
Kshout 2.x and 3.x stores settings.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords...
CVE-2005-2443
Kshout 2.x and 3.x stores settings.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords...
CVE-2005-2229
Blog Torrent 0.92 and earlier stores sensitive files under the web document root (in the data or torrents directories) with insufficient access control, enabling remote bidders to obtain sensitive information such as account names and password hashes (e.g., via data/newusers). Affected software: ...
CVE-2005-2005
Ultimate PHP Board UPB 1.9.6 GOLD and earlier stores the users.dat file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information on registered users via a direct request to db/users.dat...
CVE-2005-2005
Ultimate PHP Board UPB 1.9.6 GOLD and earlier stores the users.dat file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information on registered users via a direct request to db/users.dat...
CVE-2005-1892
FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via 1 a direct request to footnews.php, which triggers an infinite loop, or 2 direct requests to unknown scripts, which reveals the web document root in an error message...
CVE-2005-1893
CVE-2005-1893 affects FlatNuke 2.5.3. The vulnerability arises when a remote attacker supplies invalid parameters to certain scripts, causing an error message that leaks the web document root. The available documents describe the impact as an information disclosure vulnerability (partial confiden...
CVE-2005-1893
FlatNuke 2.5.3 allows remote attackers to obtain sensitive information via invalid parameters to certain scripts, which leaks the web document root in an error message...
CVE-2005-1733
Cookie Cart stores the password file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and encrypted passwords via a direct request to passwd.txt...
CVE-2005-1645
Keyvan1 ImageGallery stores the image.mdb database under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information...
CVE-2005-1601
MRO Maximo Self Service 4 and 5 stores certain information under the web document root using file extensions that are not processed by Tomcat, which allows remote attackers to obtain sensitive information via a direct request for the file, such as MXServer.properties...
CVE-2005-1367
Pico Server pServ 3.2 and earlier allows local users to read arbitrary files as the pServ user via a symlink to a file outside of the web document root...
CVE-2005-1586
Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to 1 db/users.txt, 2 db/banList.txt, 3 db/censureWords.txt, or ...
CVE-2005-1136
Simple PHP Blog sphpBlog 0.4.0 stores the 1 password.txt and 2 config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files...