1370 matches found
CVE-2008-5129
CVE-2008-5129 affects Ocean12 Poll Manager Pro 1.00. The issue is insufficient access control, with sensitive data stored under the web root and exposed via a direct request to o12poll.mdb. This enables partial disclosure of data to remote attackers. Exploitation details, affected versions beyond...
CVE-2008-4183
IntegraMOD 1.4.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup via a direct request to a backup/backup-yyyy-dd-mm.sql filename...
X10media Mp3 Search Engine 1.5.5 Remote File Inclusion Vulnerability
No description provided by source. THUNDER X10media Mp3 Search Engine v1.5.5 Remote File Inclusion Vulnerability Founded by : THUNDER t4hathotmail.fr Dork: "This search engine is in no way intended for illegal downloads." Vuln Code: file : /includes/functioncore.php -88.- include...
anata-upload.txt
Ananta 10b6 fckeditor Remote Arbitrary File Upload. Author: Hussin X. Home: WwW.Hussin-X.CoM, www.tryag.cc/cc. Email: darkangelg85atYahooDoTcom. script :...
kimwebsites-upload.txt
S4rK3VT Hacking TEAM Title: KimWebsite fckeditor Remote Arbitrary File Upload Vendor: http://sourceforge.net/project/showfiles.php?groupid=196819 discover by : Ciph3r We Are : Ciph3r & Rake [email protected] Impact: Medium Fix: N/A Expl0ters Security TEAM == www.Expl0iters.ir -...
Kim Websites 1.0 - FCKeditor Arbitrary File Upload
Kim Websites 1.0 - FCKeditor Arbitrary File Upload S4rK3VT Hacking TEAM Title: KimWebsite fckeditor Remote Arbitrary File Upload Vendor: http://sourceforge.net/project/showfiles.php?groupid=196819 discover by : Ciph3r We Are : Ciph3r & Rake [email protected] Impact: Medium Fix: N/A Expl0te...
Kim Websites 1.0 - 'FCKeditor' Arbitrary File Upload
S4rK3VT Hacking TEAM Title: KimWebsite fckeditor Remote Arbitrary File Upload Vendor: http://sourceforge.net/project/showfiles.php?groupid=196819 discover by : Ciph3r We Are : Ciph3r & Rake [email protected] Impact: Medium Fix: N/A Expl0ters Security TEAM == www.Expl0iters.ir -...
CVE-2008-2873
sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb...
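PHP 5 'posix_access()' Function 'safe_mode' Bypass Directory Traversal Vulnerability
BUGTRAQ ID: 29797 CVE ID: CVE-2008-2665 CNCVE ID: CNCVE-20082665 PHP 5 is an open-source web programming language. PHP 5 'posix_access()' has a 'safe_mode' bypass issue; remote attackers can exploit the vulnerability to access data outside the web root directory, leading to disclosure of sensitive information. The problematic code is as follows: - --- PHPFUNCTIONposixaccess long mode = 0; int filenamelen, ret; char filename, path; if zendparseparametersZENDNUMARGS TSRMLSCC,...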
Improper access control
The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents...
CVE-2008-2003
BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3) dyndns.exe. NOTE: this can be...
DDIVRT-2008-11 BadBlue uninst.exe DoS
Title: DDIVRT-2008-11 BadBlue uninst.exe DoS. Severity: Medium. Date Discovered: March 5th 2008. Discovered By: Digital Defense, Inc. Vulnerability Research Team. Credit: Steven James and r@b13$. Vulnerability Description: BadBlue is a...
Improper access control
ezRADIUS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for (1) config.ini or (2) database.ini. NOTE: some of these details are obtained from third party information...
Improper access control
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder...
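Juniper Networks Secure Access 2000 Web Root Path Disclosure Vulnerability
BUGTRAQ ID: 28037 Juniper Networks Secure Access 2000 is an enterprise-class SSL VPN access appliance. Secure Access 2000 has a vulnerability in how it handles user request parameters, which a remote attacker may exploit to obtain sensitive information about the server. If a request with specially crafted parameters is submitted to the remediate.cgi script of Secure Access 2000, the server includes the physical path of the webroot (/home/webserver/htdocs/) in the returned "Execute failed" message. Juniper Networks Secure Access 2000 5.5R1 build...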
CVE-2003-1541
PlanetMoon Guestbook tr3.a stores sensitive information under the web root due to insufficient access control. This enables remote attackers to obtain the admin script password (and other passwords) via a direct request to files/passwd.txt. The available sources describe information disclosure wi...
CVE-2003-1541
PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt...
CVE-2008-0135
Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitzforums2000.mdb...
Improper access control
Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitzforums2000.mdb...
CVE-2007-6512
PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc...