Lucene search
K

86 matches found

Prion
Prion
added 2009/06/05 6:30 p.m.14 views

Improper access control

PAD Site Scripts 3.6 stores sensitive information under the web document root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for dbbackup.txt...

5CVSS6.8AI score0.02286EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2009/06/05 6:30 p.m.20 views

CVE-2009-1941

PAD Site Scripts 3.6 stores sensitive information under the web document root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for dbbackup.txt...

5CVSS6.3AI score0.02286EPSS
Exploits0References2
CVE
CVE
added 2009/06/05 6:13 p.m.37 views

CVE-2009-1941

CVE-2009-1941 affects PAD Site Scripts 3.6. The vulnerability arises from storing sensitive information under the web document root with insufficient access control, allowing remote attackers to download the database via a direct request for dbbackup.txt. Impact is consistent with the CVSS v2 bas...

5CVSS6.5AI score0.02286EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2008/04/28 6:21 p.m.20 views

CVE-2008-2003

BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to 1 cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via 2 badblue.exe and 3 dyndns.exe. NOTE: this can be...

7.6AI score0.02837EPSS
Exploits0References3
CVE
CVE
added 2007/10/28 4:0 p.m.33 views

CVE-2007-5685

The CVE-2007-5685 issue affects the shttp project’s safe_path function, vulnerable before version 0.0.5. The function allows directory traversal when processing a sequence mixing ".." and sub-directories, resolving to a path at or below the web document root but located elsewhere in the tree. Thi...

5CVSS6.6AI score0.03477EPSS
Exploits1References6Affected Software1
Packet Storm
Packet Storm
added 2007/10/25 12:0 a.m.27 views

shttp004-traverse.txt

The most recent version of this advisory including any updates is available at: http://www.digineo.co.uk/shttpdirectorytraversal Directory Traversal Flaw in shttp --------------------------------- Affected product: shttp Product vendor: Vito Caputo - http://serverkit.org/modules/contrib/shttp/...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2007/10/20 10:0 a.m.14 views

CVE-2003-1401

login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request...

6.2AI score0.01757EPSS
Exploits1References3
CVE
CVE
added 2007/10/20 10:0 a.m.39 views

CVE-2003-1423

Vulnerability summary: Petitforum stores the liste.txt data file under the web document root with insufficient access control, allowing remote attackers to obtain sensitive information (e-mails and encrypted passwords). Root cause: improper access restrictions on the data file within the web root...

5CVSS6.7AI score0.01147EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2007/10/20 10:0 a.m.20 views

CVE-2003-1404

DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords...

6.8AI score0.01359EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2007/10/04 4:17 p.m.27 views

CVE-2007-5193

The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory cfgRCSWorkAreaDir under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied...

5CVSS5.9AI score0.01631EPSS
Exploits0References1
CVE
CVE
added 2007/10/04 4:0 p.m.45 views

CVE-2007-5193

Twiki 4.1.2 on Debian GNU/Linux (and possibly other OS) has a default configuration that places the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root. This may allow remote attackers to obtain sensitive information if .htaccess restrictions are not applied. Public details co...

5CVSS6.4AI score0.01631EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2007/10/04 4:0 p.m.22 views

CVE-2007-5193

The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory cfgRCSWorkAreaDir under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied...

6.4AI score0.01631EPSS
Exploits0References2
Cvelist
Cvelist
added 2007/03/06 1:0 a.m.21 views

CVE-2006-7114

P-News 2.0 stores db/user.txt under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes via a direct request. NOTE: this might be the same issue as CVE-2006-6888...

6.3AI score0.02424EPSS
Exploits0References3
Prion
Prion
added 2007/01/31 11:28 a.m.20 views

Code injection

download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php...

5CVSS7.1AI score0.03499EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2007/01/31 11:0 a.m.22 views

CVE-2007-0620

download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php...

6.6AI score0.03499EPSS
Exploits1References7
Cvelist
Cvelist
added 2007/01/09 6:0 p.m.25 views

CVE-2007-0156

M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb...

6.2AI score0.01353EPSS
Exploits0References4
NVD
NVD
added 2006/10/03 4:3 a.m.27 views

CVE-2006-5117

phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files...

5CVSS6.1AI score0.0136EPSS
Exploits0References5
Cvelist
Cvelist
added 2006/09/07 12:0 a.m.17 views

CVE-2006-4595

muforum µforum 0.4c stores membres/members.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes...

6.4AI score0.01445EPSS
Exploits1References5
NVD
NVD
added 2006/08/01 10:4 p.m.23 views

CVE-2006-3965

Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords...

5CVSS6.3AI score0.01205EPSS
Exploits0References1
Cvelist
Cvelist
added 2006/08/01 10:0 p.m.28 views

CVE-2006-3965

Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords...

6.3AI score0.01205EPSS
Exploits0References1
Rows per page
Query Builder