Total: 5279 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-0498 | 1 Minitdesign | 1 Virtual Guestbook | 2017-09-28 | 5.0 MEDIUM | N/A |
Virtual GuestBook (vgbook) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to guestbook.mdb. | |||||
CVE-2009-0383 | 1 Mzbservices | 1 Max.blog | 2017-09-28 | 6.4 MEDIUM | N/A |
delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request. | |||||
CVE-2009-0365 | 1 Ubuntu | 1 Ubuntu Linux | 2017-09-28 | 4.6 MEDIUM | N/A |
nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler. | |||||
CVE-2009-0357 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-28 | 5.0 MEDIUM | N/A |
Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. | |||||
CVE-2009-0355 | 1 Mozilla | 1 Firefox | 2017-09-28 | 5.4 MEDIUM | N/A |
components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element. | |||||
CVE-2009-0328 | 1 Robs-projects | 1 Digital Sales Ipn | 2017-09-28 | 5.0 MEDIUM | N/A |
ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for Database/Sales.mdb. | |||||
CVE-2009-0336 | 1 Katywhitton | 1 Blogit! | 2017-09-28 | 5.0 MEDIUM | N/A |
Katy Whitton BlogIt! stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for database/Blog.mdb. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-0250 | 1 Ryneezy | 1 Phosheezy | 2017-09-28 | 5.0 MEDIUM | N/A |
Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the file containing the administrator's password hash via a direct request for config/password. | |||||
CVE-2009-0249 | 1 Katywhitton | 1 Rankem | 2017-09-28 | 5.0 MEDIUM | N/A |
Katy Whitton RankEm stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for database/topsites.mdb. | |||||
CVE-2008-6147 | 1 Aspapp | 1 Forumapp | 2017-09-28 | 5.0 MEDIUM | N/A |
ForumApp 3.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/8690.mdb or (2) data/8690BAK.mdb. | |||||
CVE-2008-6057 | 1 Liberum | 1 Liberum Help Desk | 2017-09-28 | 5.0 MEDIUM | N/A |
Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | |||||
CVE-2008-6001 | 1 Adnforum | 1 Adnforum | 2017-09-28 | 7.5 HIGH | N/A |
index.php in ADN Forum 1.0b and earlier allows remote attackers to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field, and a final :sysop:0 string. | |||||
CVE-2008-5981 | 1 Pacosdrivers | 1 Pacpoll | 2017-09-28 | 5.0 MEDIUM | N/A |
PacPoll 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) poll.mdb or (2) poll97.mdb. | |||||
CVE-2008-5980 | 1 Ocean12 Technologies | 1 Mailing List Manager | 2017-09-28 | 5.0 MEDIUM | N/A |
Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb. | |||||
CVE-2008-5956 | 1 Phpstreet | 1 Webboard | 2017-09-28 | 5.0 MEDIUM | N/A |
Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request to connect.inc. | |||||
CVE-2008-5951 | 1 Aspapps | 1 Template Creature | 2017-09-28 | 5.0 MEDIUM | N/A |
ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb. | |||||
CVE-2008-5932 | 1 Codeavalanche | 1 Freeforum | 2017-09-28 | 5.0 MEDIUM | N/A |
CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-5931 | 1 The Net Guys | 1 Aspired2blog | 2017-09-28 | 5.0 MEDIUM | N/A |
The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/blog.mdb. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-5929 | 1 Vpasp | 1 Vp-asp Shopping Cart | 2017-09-28 | 5.0 MEDIUM | N/A |
VP-ASP Shopping Cart 6.50 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database containing the password via a direct request for database/shopping650.mdb. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-5899 | 1 Codeavalanche | 1 Freeforall | 2017-09-28 | 7.5 HIGH | N/A |
CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFFAPage.mdb. NOTE: some of these details are obtained from third party information. |