EUVD-2019-20141

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via t...

CVE-2019-25709

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via t...

CVE-2019-25709 CF Image Hosting Script 1.6.5 Unauthorized Database Access

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via t...

EUVD-2010-0791

Malware in sbrugna...

EUVD-2007-0098

Malware in sbrugna...

EUVD-2006-6333

Malware in sbrugna...

EUVD-2008-6965

Malware in sbrugna...

EUVD-2007-3138

Malware in sbrugna...

EUVD-2007-0158

Malware in sbrugna...

EUVD-2006-3774

Malware in sbrugna...

Erim Upload 4 Database Disclosure

==================================================================================================================================== | Title : Erim Upload V4 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | |...

CVE-2020-10794

Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path traversal that allows an attacker to download the application database. This can be combined with CVE-2020-10795 for remote root access...

CVE-2019-7667

Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and disclose login...

CVE-2010-4145

Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb...

CVE-2010-1067

E-membres 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/bdEMembres.mdb...

CVE-2010-1064

Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb...

CVE-2010-0965

Jevci Siparis Formu Scripti stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for siparis.mdb...

CVE-2009-1941

PAD Site Scripts 3.6 stores sensitive information under the web document root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for dbbackup.txt...

Improper access control

PacPoll 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 1 poll.mdb or 2 poll97.mdb...

BandSite CMS 1.1.4 - Download Backup / Cross-Site Scripting / Cross-Site Request Forgery

BandSite CMS 1.1.4 Arbitrary Download Database/XSS/CSRF + Discovered By SirGod + www.mortal-team.org + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,MesSiAH,xZu,HrN + Arbitrary Download Database Go to http://localhost/Path/adminpanel/phpmydump.php and the download will begin database.sql . +...