1369 matches found
CVE-2008-5597
Cold BBS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for db/cforum.mdb...
CVE-2008-5602
Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb...
CVE-2008-5597
CVE-2008-5597 affects Cold BBS, where sensitive data is stored under the web root with insufficient access control. The vulnerability allows remote attackers to directly download the database file (db/cforum.mdb), exposing stored information. The available sources describe the issue and confirm t...
CVE-2008-5606
Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb...
CVE-2008-5592
CVE-2008-5592 affects Nightfall Personal Diary 1.0. The issue is improper access control: sensitive data is stored under the web root, allowing remote attackers to download the database file (users-zza21.mdb) via a direct request. The resulting impact is partial confidentiality loss. The availabl...
CVE-2008-5572
Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb...
CVE-2008-5562
ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb...
Improper access control
PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb...
CVE-2008-5560
PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb...
CVE-2008-5562
ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb...
CVE-2008-5572
Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb...
CVE-2008-5560
CVE-2008-5560 : The PostEcards application stores sensitive information under the web root with insufficient access control, allowing remote attackers to download the database file postcards.mdb via a direct request. This represents a path traversal/poor access-control exposure enabling disclosur...
CVE-2008-5562
CVE-2008-5562 : ASPPortal has insufficient access control that exposes the web root, allowing remote attackers to download the database file by requesting xportal.mdb directly. Public references indicate this is a straightforward local-file exposure rather than a remote-code execution flaw. The c...
Improper access control
ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords...
Apple iPhone Configuration Web Utility directory traversal
ACcess outside web root is possible...
CVE-2008-5128
Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb...
Improper access control
Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb...
Improper access control
Ocean12 Calendar Manager Gold 2.04 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12cal.mdb...
Improper access control
Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb...
CVE-2008-5129
CVE-2008-5129 affects Ocean12 Poll Manager Pro 1.00. The issue is insufficient access control, with sensitive data stored under the web root and exposed via a direct request to o12poll.mdb. This enables partial disclosure of data to remote attackers. Exploitation details, affected versions beyond...