6 matches found
CVE-2020-37004
Ultimate Project Manager CRM PRO 2.0.5 is affected by a blind SQL injection vulnerability in the /frontend/get_article_suggestion/ endpoint. An attacker can craft malicious search parameters to perform boolean-based inference and progressively extract usernames and password hashes from the tbl_us...
EUVD-2007-4244
Malware in sbrugna...
Improper access control
EZPhotoSales 1.9.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) a file containing cleartext passwords via a direct request for OnlineViewing/data/galleries.txt, or (2) a file containing username hashes and...
CVE-2007-4261
EZPhotoSales 1.9.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) a file containing cleartext passwords via a direct request for OnlineViewing/data/galleries.txt, or (2) a file containing username hashes and...
CVE-2007-4261
EZPhotoSales 1.9.3 and earlier stores sensitive data under the web root with weak access control, enabling remote retrieval of (1) a file with cleartext passwords at OnlineViewing/data/galleries.txt and (2) a file with username/password hashes at OnlineViewing/configuration/config.dat/. The secon...
CVE-2007-4261
EZPhotoSales 1.9.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) a file containing cleartext passwords via a direct request for OnlineViewing/data/galleries.txt, or (2) a file containing username hashes and...