Lucene search
K

1370 matches found

CVE
CVE
added 2008/11/18 11:0 a.m.49 views

CVE-2008-5129

CVE-2008-5129 affects Ocean12 Poll Manager Pro 1.00. The issue is insufficient access control, with sensitive data stored under the web root and exposed via a direct request to o12poll.mdb. This enables partial disclosure of data to remote attackers. Exploitation details, affected versions beyond...

5CVSS6.2AI score0.01336EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2008/09/23 3:25 p.m.11 views

CVE-2008-4183

IntegraMOD 1.4.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup via a direct request to a backup/backup-yyyy-dd-mm.sql filename...

5CVSS6.3AI score0.03233EPSS
Exploits0References6
seebug.org
seebug.org
added 2008/09/18 12:0 a.m.12 views

X10media Mp3 Search Engine 1.5.5 Remote File Inclusion Vulnerability

No description provided by source. THUNDER X10media Mp3 Search Engine v1.5.5 Remote File Inclusion Vulnerability Founded by : THUNDER t4hathotmail.fr Dork: "This search engine is in no way intended for illegal downloads." Vuln Code: file : /includes/functioncore.php -88.- include...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2008/09/11 12:0 a.m.24 views

anata-upload.txt

|| | | Ananta 10b6 fckeditor Remote Arbitrary File Upload | | |---------------------Hussin X----------------------| | | Author: Hussin X | | Home : WwW.Hussin-X.CoM | www.tryag.cc/cc | | email: darkangelg85atYahooDoTcom | | | | | | | | script :...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2008/09/10 12:0 a.m.19 views

kimwebsites-upload.txt

S4rK3VT Hacking TEAM Title: KimWebsite fckeditor Remote Arbitrary File Upload Vendor: http://sourceforge.net/project/showfiles.php?groupid=196819 discover by : Ciph3r We Are : Ciph3r & Rake [email protected] Impact: Medium Fix: N/A Expl0ters Security TEAM == www.Expl0iters.ir -...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2008/09/09 12:0 a.m.21 views

Kim Websites 1.0 - FCKeditor Arbitrary File Upload

Kim Websites 1.0 - FCKeditor Arbitrary File Upload S4rK3VT Hacking TEAM Title: KimWebsite fckeditor Remote Arbitrary File Upload Vendor: http://sourceforge.net/project/showfiles.php?groupid=196819 discover by : Ciph3r We Are : Ciph3r & Rake [email protected] Impact: Medium Fix: N/A Expl0te...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2008/09/09 12:0 a.m.26 views

Kim Websites 1.0 - 'FCKeditor' Arbitrary File Upload

S4rK3VT Hacking TEAM Title: KimWebsite fckeditor Remote Arbitrary File Upload Vendor: http://sourceforge.net/project/showfiles.php?groupid=196819 discover by : Ciph3r We Are : Ciph3r & Rake [email protected] Impact: Medium Fix: N/A Expl0ters Security TEAM == www.Expl0iters.ir -...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2008/06/26 5:0 p.m.20 views

CVE-2008-2873

sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb...

6.3AI score0.02587EPSS
Exploits0References3
seebug.org
seebug.org
added 2008/06/23 12:0 a.m.41 views

PHP 5 'posix_access()'函数'safe_mode'绕过目录遍历漏洞

BUGTRAQ ID: 29797 CVE ID:CVE-2008-2665 CNCVE ID:CNCVE-20082665 PHP 5是一款开放源代码的网络编程语言。 PHP 5 'posixaccess'存在'safemode绕过问题,远程攻击者可以利用漏洞访问WEB ROOT目录之外的数据,导致敏感信息泄漏。 问题代码如下: - --- PHPFUNCTIONposixaccess long mode = 0; int filenamelen, ret; char filename, path; if zendparseparametersZENDNUMARGS TSRMLSCC,...

5CVSS6.3AI score0.03377EPSS
Exploits4
Prion
Prion
added 2008/06/04 8:32 p.m.16 views

Improper access control

The Admin Server in Sun Java Active Server Pages ASP Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents...

5CVSS7AI score0.11367EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2008/04/28 8:5 p.m.18 views

CVE-2008-2003

BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to 1 cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via 2 badblue.exe and 3 dyndns.exe. NOTE: this can be...

7.5CVSS7.6AI score0.02837EPSS
Exploits0References3
securityvulns
securityvulns
added 2008/04/25 12:0 a.m.48 views

DDIVRT-2008-11 BadBlue uninst.exe DoS

Title ----- DDIVRT-2008-11 BadBlue uninst.exe DoS Severity -------- Medium Date Discovered --------------- March 5th 2008 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Steven James and r@b13$ Vulnerability Description ------------------------- BadBlue is a...

2.1AI score
Exploits0
Prion
Prion
added 2008/04/11 9:5 p.m.12 views

Improper access control

ezRADIUS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for 1 config.ini or 2 database.ini. NOTE: some of these details are obtained from third party information...

7.5CVSS6.8AI score0.01402EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2008/03/24 5:44 p.m.19 views

Improper access control

ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder...

4.3CVSS6.6AI score0.0137EPSS
Exploits0References8Affected Software1
seebug.org
seebug.org
added 2008/03/02 12:0 a.m.29 views

Juniper Networks Secure Access 2000 Web Root路径泄露漏洞

BUGTRAQ ID: 28037 Juniper Networks的Secure Access 2000是企业级的SSL VPN接入设备。 Secure Access 2000处理用户请求参数时存在漏洞,远程攻击者可能利用此漏洞获取服务器相关的敏感信息。 如果向Secure Access 2000的remediate.cgi脚本提交了带有特制参数的请求的话,服务器就会在返回的Execute failed消息中包含webroot(/home/webserver/htdocs/)的物理路径。 Juniper Networks Secure Access 2000 5.5R1 build...

6.9AI score
Exploits0
CVE
CVE
added 2008/02/13 11:0 p.m.44 views

CVE-2003-1541

PlanetMoon Guestbook tr3.a stores sensitive information under the web root due to insufficient access control. This enables remote attackers to obtain the admin script password (and other passwords) via a direct request to files/passwd.txt. The available sources describe information disclosure wi...

5CVSS6.2AI score0.0303EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2008/02/13 11:0 p.m.18 views

CVE-2003-1541

PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt...

6.2AI score0.0303EPSS
Exploits0References6
NVD
NVD
added 2008/01/08 7:46 p.m.17 views

CVE-2008-0135

Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitzforums2000.mdb...

5CVSS6.4AI score0.02451EPSS
Exploits0References4
Prion
Prion
added 2008/01/08 7:46 p.m.9 views

Improper access control

Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitzforums2000.mdb...

5CVSS6.9AI score0.02451EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2007/12/21 10:46 p.m.1 views

CVE-2007-6512

PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc...

5CVSS5.5AI score0.01256EPSS
Exploits0References6
Rows per page
Query Builder