86 matches found
Improper access control
PAD Site Scripts 3.6 stores sensitive information under the web document root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for dbbackup.txt...
CVE-2009-1941
PAD Site Scripts 3.6 stores sensitive information under the web document root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for dbbackup.txt...
CVE-2009-1941
CVE-2009-1941 affects PAD Site Scripts 3.6. The vulnerability arises from storing sensitive information under the web document root with insufficient access control, allowing remote attackers to download the database via a direct request for dbbackup.txt. Impact is consistent with the CVSS v2 bas...
CVE-2008-2003
BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to 1 cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via 2 badblue.exe and 3 dyndns.exe. NOTE: this can be...
CVE-2007-5685
The CVE-2007-5685 issue affects the shttp project’s safe_path function, vulnerable before version 0.0.5. The function allows directory traversal when processing a sequence mixing ".." and sub-directories, resolving to a path at or below the web document root but located elsewhere in the tree. Thi...
shttp004-traverse.txt
The most recent version of this advisory including any updates is available at: http://www.digineo.co.uk/shttpdirectorytraversal Directory Traversal Flaw in shttp --------------------------------- Affected product: shttp Product vendor: Vito Caputo - http://serverkit.org/modules/contrib/shttp/...
CVE-2003-1401
login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request...
CVE-2003-1423
Vulnerability summary: Petitforum stores the liste.txt data file under the web document root with insufficient access control, allowing remote attackers to obtain sensitive information (e-mails and encrypted passwords). Root cause: improper access restrictions on the data file within the web root...
CVE-2003-1404
DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords...
CVE-2007-5193
The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory cfgRCSWorkAreaDir under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied...
CVE-2007-5193
Twiki 4.1.2 on Debian GNU/Linux (and possibly other OS) has a default configuration that places the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root. This may allow remote attackers to obtain sensitive information if .htaccess restrictions are not applied. Public details co...
CVE-2007-5193
The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory cfgRCSWorkAreaDir under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied...
CVE-2006-7114
P-News 2.0 stores db/user.txt under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes via a direct request. NOTE: this might be the same issue as CVE-2006-6888...
Code injection
download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php...
CVE-2007-0620
download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php...
CVE-2007-0156
M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb...
CVE-2006-5117
phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files...
CVE-2006-4595
muforum µforum 0.4c stores membres/members.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes...
CVE-2006-3965
Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords...
CVE-2006-3965
Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords...