EUVD-2002-1865

Malware in sbrugna...

CVE-2002-1886

TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password...

TightAuction 3.0 Config.INC Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5850/info TightAuction is prone to an information disclosure vulnerability. The configuration file config.inc contains sensitive information such as database authentication credentials. It is possible for remote attackers...

CVE-2002-1886

TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password...

CVE-2002-1886

TightAuction 3.0 is affected by an access-control misconfiguration where config.inc is stored under the web document root, allowing remote attackers to obtain the database username and password. The root cause is insufficient access control on the configuration file. Current documents do not spec...

CVE-2002-1886

TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password...

Multiple Web Security Holes

I sent this three times to webappsec but without resultats. I try so on bugtraq, although that is less appropriate. ----------------------------------------------------- Five products in PHP are vulnerable to various holes. 1 TightAuction Website : http://www.tightprices.com Tested Version : 3.0...