7 matches found
EUVD-2006-0378
Malware in sbrugna...
CVE-2006-0371
Directory traversal vulnerability in index.php in Noah Medling RCBlog 1.03 allows remote attackers to read arbitrary .txt files, possibly including one that stores the administrator's account name and password, via a .. dot dot in the post parameter...
Improper access control
Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes...
CVE-2006-0370
Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes...
CVE-2006-0371
CVE-2006-0371 concerns RCBlog 1.03 (PHP) where index.php accepts a post parameter that is not properly sanitized, enabling a directory traversal attack. An attacker can use a .. in the post parameter to read arbitrary .txt files on the remote host, potentially exposing sensitive data such as the ...
CVE-2006-0370
Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes...
CVE-2006-0370
RCBlog 1.03 is affected by CVE-2006-0370 due to insufficient access control that allows remote attackers to view account names and MD5 password hashes by accessing data and config directories under the web root. OpenVAS/Nessus entries corroborate a related directory traversal/vector in RCBlog’s P...