CVE-2010-1736

The CVE-2010-1736 entry concerns KrM Haber 1.0, where sensitive data is stored under the web root with insufficient access control. The underlying issue allows remote attackers to directly download the database file d_atabase/Krmdb.mdb, exposing potentially confidential data. The connected docume...

Wing FTP Server HTTP Directory Traversal Vulnerability

Christian Navarrete has discovered a vulnerability in Wing FTP Server, which can be exploited by malicious people to disclose sensitive information. The vulnerability is caused due to an input validation error when processing HTTP requests. This can be exploited to access files outside the web ro...

CVE-2009-4825

8pixel.net Blog 4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for AppData/sb.mdb...

Improper access control

Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb...

CVE-2009-4825

The CVE-2009-4825 entry relates to 8pixel.net Blog 4, where sensitive data is stored under the web root with insufficient access control, enabling remote retrieval of a database via a direct request for App_Data/sb.mdb. The incident is described as a direct file download vulnerability (no exploit...

CVE-2009-4820

Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb...

CVE-2009-4799

Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 1 artiklerprod.mdb or 2 medlemmer.mdb...

Improper access control

CNR Hikaye Portal 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/hikaye.mdb...

Improper access control

YP Portal MS-Pro Surumu aka MS-Pro Portal Scripti 1.0 and 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for galeri/database/db.mdb...

CVE-2009-4766

YP Portal MS-Pro Surumu aka MS-Pro Portal Scripti 1.0 and 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for galeri/database/db.mdb...

Java Mini Web Server <= 1.0 Path Traversal and Cross Site Scripting

Exploit for multiple platform in category remote exploits =================================================================== Java Mini Web Server | www.DigitalWhisper.co.il Software Link: http://www.jibble.org/miniwebserver/ Version: YOURXSSHEREWork?Index of %00"Work?Index of %00"Work? Work?...

Improper access control

Winn ASP Guestbook 1.01 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/guestbook.mdb...

CVE-2009-4760

CVE-2009-4760 affects Winn ASP Guestbook 1.01 Beta. The issue is improper access control that stores sensitive information under the web root, enabling a remote attacker to download the database via a direct request to data/guestbook.mdb. Across connected sources, this exact description and impac...

Improper access control

Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/lebisoft.mdb...

CVE-2010-1064

Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb...

CVE-2010-1065

Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/lebisoft.mdb...

CVE-2010-1067

E-membres 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/bdEMembres.mdb...

CVE-2010-1066

AR Web Content Manager AWCM 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for control/dbbackup.php...

CVE-2010-1064

Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb...

CVE-2010-1064

The CVE-2010-1064 vulnerability affects Erolife AjxGaleri VT, where sensitive data is stored under the web root with insufficient access control. This allows remote attackers to download the database (db/ajxgaleri.mdb) via a direct request. The issue is reflected in the NVD entry (CVSSv2 base sco...