Hot Links Security Vulnerabilities - November

CVE-2006-7086

The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter.