CVE-2009-3597

Digitaldesign CMS 0.1 is affected. The vulnerability arises from storing sensitive data under the web root with insufficient access control, allowing remote attackers to download the database file (autoconfig.dd) via a direct request. Impact is confined to partial confidentiality as described in ...

PT-2009-5879 · Digitaldesign · Digitaldesign Cms

Name of the Vulnerable Software and Affected Versions: Digitaldesign CMS version 0.1 Description: The issue allows remote attackers to download the database file via a direct request for autoconfig.dd due to insufficient access control. This is because sensitive information is stored under the we...

Improper access control

WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log...

Improper access control

All Club CMS ACCMS 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat...

Improper access control

Ocean12 FAQ Manager Pro stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for admin/o12faq.mdb...

CVE-2008-7069

All Club CMS ACCMS 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat...

CVE-2008-7080

Team PHP PHP Classifieds Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for admin/backup/datadump.sql...

Improper access control

mxCamArchive 2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain configuration details and passwords via a direct request for archive/config.ini...

CVE-2008-6955

mxCamArchive 2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain configuration details and passwords via a direct request for archive/config.ini...

Improper access control

ASP Football Pool 2.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for NFL.mdb...

Improper access control

R2 Newsletter Lite, Pro, and Stats stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for admin.mdb...

CVE-2009-2602

R2 Newsletter Lite, Pro, and Stats stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for admin.mdb...

CVE-2009-2606

The CVE-2009-2606 entry concerns ASP Football Pool 2.3 where sensitive data is stored under the web root with insufficient access control, enabling remote retrieval of the NFL.mdb database file via a direct request. The core issue is improper access control on the web root, leading to exposure of...

CVE-2008-6872

ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/aspthaiForum.mdb...

CVE-2008-6871

Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request...

Improper access control

Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request...

Improper access control

ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/aspthaiForum.mdb...

CVE-2008-6869

Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini...

Improper access control

The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing usernames and passwords via a direct request for dvr.ini...

CVE-2009-2306

The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing usernames and passwords via a direct request for dvr.ini...