Lucene search
K

103 matches found

NVD
NVD
added 2005/06/16 4:0 a.m.15 views

CVE-2005-2005

Ultimate PHP Board UPB 1.9.6 GOLD and earlier stores the users.dat file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information on registered users via a direct request to db/users.dat...

5CVSS6.2AI score0.01212EPSS
Exploits0References2
NVD
NVD
added 2005/06/09 4:0 a.m.12 views

CVE-2005-1892

FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via 1 a direct request to footnews.php, which triggers an infinite loop, or 2 direct requests to unknown scripts, which reveals the web document root in an error message...

6.4CVSS6.7AI score0.02157EPSS
Exploits1References5
Cvelist
Cvelist
added 2005/06/08 4:0 a.m.19 views

CVE-2005-1893

FlatNuke 2.5.3 allows remote attackers to obtain sensitive information via invalid parameters to certain scripts, which leaks the web document root in an error message...

6.2AI score0.02925EPSS
Exploits0References5
CVE
CVE
added 2005/06/08 4:0 a.m.54 views

CVE-2005-1893

CVE-2005-1893 affects FlatNuke 2.5.3. The vulnerability arises when a remote attacker supplies invalid parameters to certain scripts, causing an error message that leaks the web document root. The available documents describe the impact as an information disclosure vulnerability (partial confiden...

5CVSS6.6AI score0.02925EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2005/05/24 4:0 a.m.20 views

CVE-2005-1733

Cookie Cart stores the password file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and encrypted passwords via a direct request to passwd.txt...

6.8AI score0.01531EPSS
Exploits1References3
Cvelist
Cvelist
added 2005/05/18 4:0 a.m.21 views

CVE-2005-1645

Keyvan1 ImageGallery stores the image.mdb database under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information...

6.5AI score0.0287EPSS
Exploits1References5
NVD
NVD
added 2005/05/16 4:0 a.m.21 views

CVE-2005-1367

Pico Server pServ 3.2 and earlier allows local users to read arbitrary files as the pServ user via a symlink to a file outside of the web document root...

7.5CVSS6.3AI score0.0123EPSS
Exploits2References2
Cvelist
Cvelist
added 2005/05/16 4:0 a.m.19 views

CVE-2005-1601

MRO Maximo Self Service 4 and 5 stores certain information under the web document root using file extensions that are not processed by Tomcat, which allows remote attackers to obtain sensitive information via a direct request for the file, such as MXServer.properties...

6.3AI score0.01388EPSS
Exploits0References5
Cvelist
Cvelist
added 2005/05/14 4:0 a.m.17 views

CVE-2005-1586

Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to 1 db/users.txt, 2 db/banList.txt, 3 db/censureWords.txt, or ...

6.3AI score0.01388EPSS
Exploits0References4
Cvelist
Cvelist
added 2005/04/16 4:0 a.m.14 views

CVE-2005-1136

Simple PHP Blog sphpBlog 0.4.0 stores the 1 password.txt and 2 config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files...

6.3AI score0.01531EPSS
Exploits1References3
Cvelist
Cvelist
added 2005/04/14 4:0 a.m.21 views

CVE-2002-1353

LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under the web document root in users.lst, which allows remote attackers to obtain the passwords via a direct request to users.lst...

6.6AI score0.01388EPSS
Exploits0References4
exploitpack
exploitpack
added 2004/07/15 12:0 a.m.11 views

Gattaca Server 2003 - Null Byte Full Path Disclosure

Gattaca Server 2003 - Null Byte Full Path Disclosure source: https://www.securityfocus.com/bid/10729/info It is reported that Gattaca Server 2003 contains multiple path disclosure vulnerabilities. By sending HTTP requests to Gattaca's web server, it is reportedly possible to cause the application...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2004/07/15 12:0 a.m.26 views

Gattaca Server 2003 - 'Language' Path Exposure

source: https://www.securityfocus.com/bid/10729/info It is reported that Gattaca Server 2003 contains multiple path disclosure vulnerabilities. By sending HTTP requests to Gattaca's web server, it is reportedly possible to cause the application to return error pages that contain the full...

7AI score
Exploits0
CVE
CVE
added 2003/07/25 4:0 a.m.57 views

CVE-2003-0599

CVE-2003-0599 concerns phpGroupWare (0.9.16preRC and all versions before 0.9.14.004). The vulnerability lies in the Virtual File System (VFS) capability, with the root cause described as the VFS path being under the web document root, and implications are stated as unknown. The advisory lists a h...

10CVSS6.3AI score0.0184EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2003/07/25 4:0 a.m.28 views

CVE-2003-0599

Unknown vulnerability in the Virtual File System VFS capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root...

6.3AI score0.0184EPSS
Exploits0References3
NVD
NVD
added 2003/06/09 4:0 a.m.13 views

CVE-2002-1454

MyWebServer 1.0.2 allows remote attackers to determine the absolute path of the web document root via a request for a directory that does not exist, which leaks the pathname in an error message...

5CVSS6.7AI score0.01716EPSS
Exploits1References4
CVE
CVE
added 2003/05/17 4:0 a.m.64 views

CVE-2003-0309

The CVE covers Microsoft Internet Explorer 5.01, 5.5, and 6.0 where a crafted web document with a large number of duplicate file:// or other requests using FRAME/IFRAME can trigger multiple file download dialogs, ultimately allowing remote code execution. The issue is mitigated by Microsoft patch...

7.5CVSS8AI score0.4997EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2003/04/22 4:0 a.m.28 views

CVE-2002-1467

Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via 1 an HTTP redirect, 2 a "file://" base in a web document, or 3 a relative URL from a web archive mht file...

5CVSS6.7AI score0.01907EPSS
Exploits1References4
NVD
NVD
added 2002/12/31 5:0 a.m.9 views

CVE-2002-2342

Bannermatic 1, 2, and 3 stores the 1 ban.log, 2 ban.bak, 3 ban.dat and 4 banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files...

5CVSS6.1AI score0.01009EPSS
Exploits0References3
CVE
CVE
added 2002/08/31 4:0 a.m.51 views

CVE-2002-0917

CVE-2002-0917 affects CGIScript.net csPassword.cgi, which stores .htpasswd files under the web document root. This allows remote authenticated users to download the password file and crack other users’ passwords. The vulnerability is mapped to a high severity (CVSS v2 base score 7.5, vector AV:N/...

7.5CVSS6.3AI score0.02426EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder