Lucene search

5 matches found

NVD
added 2007/10/08 11:17 p.m., 9 views

CVE-2007-5278

Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving...

4.3 CVSS, 6.3 AI score, 0.02017 EPSS
Exploits: 1, References: 2

Cvelist
added 2007/10/08 11:0 p.m., 21 views

CVE-2007-5278

Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving...

6.3 AI score, 0.02017 EPSS
Exploits: 1, References: 2

NVD
added 2007/10/05 11:17 p.m., 17 views

CVE-2007-5230

admin/uploadfiles.php in Zomplog 3.8.1 and earlier does not check for administrative credentials, which allows remote attackers to perform administrative actions via a direct request. NOTE: this can be leveraged for code execution by exploiting CVE-2007-5231...

7.5 CVSS, 7.1 AI score, 0.04663 EPSS
Exploits: 0, References: 3

Prion
added 2007/10/05 11:17 p.m., 18 views

Design/Logic Flaw

admin/uploadfiles.php in Zomplog 3.8.1 and earlier does not check for administrative credentials, which allows remote attackers to perform administrative actions via a direct request. NOTE: this can be leveraged for code execution by exploiting CVE-2007-5231...

7.5 CVSS, 7.5 AI score, 0.04663 EPSS
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2007/10/05 11:0 p.m., 42 views

CVE-2007-5230

CVE-2007-5230 concerns Zomplog 3.8.1 and earlier where admin/upload_files.php does not require administrative credentials, enabling remote attackers to perform administrative actions via a direct request. This is linked to CVE-2007-5231, which describes an unrestricted file upload vulnerability i...

7.5 CVSS, 7.1 AI score, 0.04663 EPSS
Exploits: 0, References: 3, Affected Software: 1