Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1369 matches found

Cvelist
Cvelistadded 2009/07/02 10:0 a.m.23 views

CVE-2009-2306

The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing usernames and passwords via a direct request for dvr.ini...

6.4AI score0.02085EPSS
Exploits0References2
Prion
Prionadded 2009/06/09 7:30 p.m.10 views

Improper access control

Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain usernames and passwords via a direct request for zHk8dEes3.txt...

5CVSS6.9AI score0.02286EPSS
Exploits0References2Affected Software1
NVD
NVDadded 2009/06/09 7:30 p.m.13 views

CVE-2009-2022

fipsCMS Light 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain sensitive information via a direct request for fipsdb/db.mdb...

5CVSS6.3AI score0.05159EPSS
Exploits0References2
Cvelist
Cvelistadded 2009/06/09 7:0 p.m.20 views

CVE-2009-2022

fipsCMS Light 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain sensitive information via a direct request for fipsdb/db.mdb...

6.3AI score0.05159EPSS
Exploits0References2
Cvelist
Cvelistadded 2009/06/09 7:0 p.m.23 views

CVE-2009-2024

Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain usernames and passwords via a direct request for zHk8dEes3.txt...

6.4AI score0.02286EPSS
Exploits0References2
CVE
CVEadded 2009/06/09 7:0 p.m.46 views

CVE-2009-2024

CVE-2009-2024 affects Vlad Titarenko ASP VT Auth 1.0. The vulnerability arises from storing sensitive information under the web root with insufficient access control, allowing remote attackers to download the database file and obtain usernames and passwords via a direct request for zHk8dEes3.txt....

5CVSS6.6AI score0.02286EPSS
Exploits0References2Affected Software1
NVD
NVDadded 2009/05/29 4:30 p.m.12 views

CVE-2009-1821

DMXReady Registration Manager 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for databases/webblogmanager.mdb...

5CVSS6.3AI score0.02618EPSS
Exploits0References3
NVD
NVDadded 2009/04/03 6:30 p.m.10 views

CVE-2008-6599

cookiecheck.php in CookieCheck 1.0 stores tmp/ccsessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path."...

5CVSS6.6AI score0.01339EPSS
Exploits1References4
NVD
NVDadded 2009/04/02 3:30 p.m.10 views

CVE-2008-6580

The RedReservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to 1 makered.mdb and 2 makered97.mdb...

5CVSS6.3AI score0.02229EPSS
Exploits0References2
Prion
Prionadded 2009/04/02 3:30 p.m.17 views

Improper access control

aspWebCalendar Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for calendar/calendar.mdb...

5CVSS6.9AI score0.01064EPSS
Exploits0References2
Cvelist
Cvelistadded 2009/04/02 3:0 p.m.19 views

CVE-2008-6580

The RedReservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to 1 makered.mdb and 2 makered97.mdb...

6.3AI score0.02229EPSS
Exploits0References2
CVE
CVEadded 2009/04/02 3:0 p.m.47 views

CVE-2009-1223

CVE-2009-1223 affects aspWebCalendar Free Edition. The vulnerability arises from storing sensitive information under the web root with insufficient access control, enabling remote attackers to download a calendar.mdb database containing user credentials via a direct request to calendar/calendar.m...

5CVSS6.5AI score0.01064EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2009/03/31 5:0 p.m.15 views

CVE-2005-4880

Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to 1 guestbook, 2 guestbookips2block, 3 ips2block, and 4 formmailer/logfile.csv...

6.2AI score0.02409EPSS
Exploits1References2
Prion
Prionadded 2009/03/25 6:30 p.m.11 views

Improper access control

Piwik 0.2.32 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh...

5CVSS6.8AI score0.01205EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2009/03/25 6:0 p.m.21 views

CVE-2009-1085

Piwik 0.2.32 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh...

6.3AI score0.01205EPSS
Exploits0References3
Prion
Prionadded 2009/03/24 2:30 p.m.11 views

Improper access control

chaozzDB 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv...

5CVSS6.9AI score0.01064EPSS
Exploits0References2Affected Software1
Prion
Prionadded 2009/03/24 2:30 p.m.11 views

Improper access control

FireAnt 1.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv...

5CVSS6.9AI score0.01213EPSS
Exploits0References3Affected Software1
NVD
NVDadded 2009/03/24 2:30 p.m.15 views

CVE-2009-1053

chaozzDB 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv...

5CVSS6.4AI score0.01064EPSS
Exploits0References2
Cvelist
Cvelistadded 2009/03/24 2:0 p.m.18 views

CVE-2009-1052

FireAnt 1.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv...

6.4AI score0.01213EPSS
Exploits0References3
Cvelist
Cvelistadded 2009/03/24 2:0 p.m.32 views

CVE-2009-1053

chaozzDB 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv...

6.4AI score0.01064EPSS
Exploits0References2
Rows per page
Query Builder