2933 matches found
CVE-2006-2755
Cross-site scripting XSS vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords...
CVE-2006-2755
Cross-site scripting XSS vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords...
уязвимость в Sad Raven's guestbook
доброе время суток. Недавно я нашел уязвимость в Sad Raven's guestbook версии 1.1, которая позволяет любому пользователю получить доступ в админ-центр. Заранее прошу извинить, если эту уязвимость уже кто-то нашел, но я не нашел нигде о ней никакого упоминания. Все говорят только о том, что пароли...
confixx_exploit.pl.txt
sry - i know this isn't a cvs repository here - but the code posted yesterday was written after some 'b33r' an i made it looking a little less drunk this morning. bye defa ----BOF---- !/usr/bin/perl exploit for confixx professional = 3.1.2 the vulerability was discovered by: LoK Crew references:...
CVE-2006-1412
TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd...
Improper access control
TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd...
CVE-2006-1412
TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd...
EUVD-2006-1416
TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd...
Nodez <= 4.6.1.1 Mercury Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ======================================================== Nodez = 4.6.1.1 Mercury Multiple Remote Vulnerabilities ======================================================== !/usr/bin/php -q -d shortopentag=on ? echo "Nodez 4.6.1.1 Mercury...
Nodez <= 4.6.1.1 Mercury Multiple Remote Vulnerabilities
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "Nodez 4.6.1.1 Mercury possibly prior versions multiple vulnerabilities\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; / software: site: nodez.greentinted.com/...
Improper access control
PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/USERNAME file...
CVE-2006-1209
PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/USERNAME file...
CVE-2006-1207
PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/USERNAME file...
CVE-2006-1207
PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/USERNAME file...
CVE-2006-1209
PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/USERNAME file...
CVE-2006-1209
The CVE concerns PHP Advanced Transfer Manager (versions 1.00–1.30). The root cause is insufficient access control that stores sensitive data (including password hashes) under the web root. This enables remote attackers to retrieve password hashes by directly requesting a users/[USERNAME] file. C...
CVE-2006-1207
The CVE-2006-1207 issue affects PHP Upload Center. The vulnerability arises because password hashes are stored under the web root with insufficient access control, allowing remote attackers to download each password hash via a direct request to upload/users/[USERNAME]. The available documents des...
PT-2006-2223 · Php · Php Upload Center
Name of the Vulnerable Software and Affected Versions: PHP Upload Center affected versions not specified Description: The issue allows remote attackers to download password hashes due to insufficient access control. Specifically, password hashes are stored under the web root, making them accessib...
CVE-2006-1164
Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing list.gtdat...