Path disclosure in IceBB

Vulnerability ID: HTB22689 Reference: http://www.htbridge.ch/advisory/pathdisclosureinicebb.html Product: IceBB Vendor: XAOS Interactive http://icebb.net/ Vulnerable Version: 1.0-rc10 Vendor Notification: 02 November 2010 Vulnerability Type: Path disclosure Status: Not Fixed, Vendor Alerted,...

IceBB 1.0-rc10 Disclosure / SQL Injection

=================================== Vulnerability ID: HTB22686 Reference: http://www.htbridge.ch/advisory/informationdisclosureinicebb.html Product: IceBB Vendor: XAOS Interactive http://icebb.net/ Vulnerable Version: 1.0-rc10 Vendor Notification: 02 November 2010 Vulnerability Type: Information...

Path disclosure in eoCMS

Vulnerability ID: HTB22674 Reference: http://www.htbridge.ch/advisory/pathdisclosureineocms.html Product: eoCMS Vendor: eocms.com http://eocms.com Vulnerable Version: 0.9.04 Vendor Notification: 21 October 2010 Vulnerability Type: Path disclosure Status: Not Fixed, Vendor Alerted, Awaiting Vendor...

CVE-2010-4145

Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb...

CVE-2010-4145

Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb...

MyBB 1.6 Path Disclosure

Vulnerability ID: HTB22654 Reference: http://www.htbridge.ch/advisory/pathdisclosureinmybb.html Product: MyBB Vendor: MyBB http://www.mybb.com Vulnerable Version: 1.6 Vendor Notification: 13 October 2010 Vulnerability Type: Path disclosure Status: Not Fixed, Vendor Alerted, Awaiting Vendor Respon...

Path disclosure in MyBB

Vulnerability ID: HTB22654 Reference: http://www.htbridge.ch/advisory/pathdisclosureinmybb.html Product: MyBB Vendor: MyBB http://www.mybb.com Vulnerable Version: 1.6 Vendor Notification: 13 October 2010 Vulnerability Type: Path disclosure Status: Not Fixed, Vendor Alerted, Awaiting Vendor Respon...

MyBB v1.6 Full Path Disclosure Vulnerability

Exploit for php platform in category web applications ============================================ MyBB v1.6 Full Path Disclosure Vulnerability ============================================ Reference: http://www.htbridge.ch/advisory/pathdisclosureinmybb.html Product: MyBB Vendor: MyBB...

MyBB 1.6 - Full Path Disclosure

MyBB 1.6 - Full Path Disclosure Vulnerability ID: HTB22654 Reference: http://www.htbridge.ch/advisory/pathdisclosureinmybb.html Product: MyBB Vendor: MyBB http://www.mybb.com Vulnerable Version: 1.6 Vendor Notification: 13 October 2010 Vulnerability Type: Path disclosure Status: Not Fixed, Vendor...

Alstrasoft e-Friends 4.96 - Multiple Vulnerabilities

AlstraSoft E-Friends 4.96 Multiple Remote Vulnerabilities Name AlstraSoft E-Friends Vendor http://www.alstrasoft.com Versions Affected 4.96 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-10-27 X. INDEX I. ABOUT THE...

Tribiq CMS 5.2.5 Path Disclosure

Vulnerability ID: HTB22640 Reference: http://www.htbridge.ch/advisory/pathdisclosureintribiqcms.html Product: Tribiq CMS Vendor: Tribiq http://tribiq.com/ Vulnerable Version: 5.2.5 and probably prior versions Vendor Notification: 05 October 2010 Vulnerability Type: Path disclosure Status: Fixed b...

CVE-2010-3490

Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. dot dot in the usersnum parameter to admin/config.php, as...

CVE-2010-3490

CVE-2010-3490 affects FreePBX

CVE-2010-2656

The IBM BladeCenter with Advanced Management Module AMM firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download 1 logs or 2 core files via direct requests...

CVE-2010-2465

The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via...

The music he multi-language shop system The exploitability of the vulnerability.-vulnerability warning-the black bar safety net

In fact, is counted as the Administrator's mistake, if in accordance with the management operations manual, there is absolutely no problem Dork: A Powered By 5 6 7 7 0 Eshop Then check the web root directory is there install as you 9 0% can take down the website. exp: site+install/Install. asp?...

Microsoft ASP.NET Application Folder Information Disclosure (MS06-033; CVE-2006-1300)

ASP.NET is a technology that provides a programming model and infrastructure for creating dynamic web applications. ASP.NET is part of the Microsoft .NET Framework. ASP.NET is deployed on the Microsoft Internet Information Server, which treats files with the .aspx extension as ASP.NET files and...

nginx [engine x] http server <= 0.6.36 Path Draversal

No description provided by source. Exploit Title: nginx engine x http server = 0.6.36 Path Draversal Date: 20/05/10 Author: cp77fk4r | empty0pageSHIFT+2gmail.com | www.DigitalWhisper.co.il http://www.DigitalWhisper.co.il Software Link: http://nginx.org/ Version: = 0.6.36 Tested on: Win32 Path...

Improper access control

KrM Haber 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/Krmdb.mdb...

CVE-2010-1736

KrM Haber 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/Krmdb.mdb...