1 results (0.027 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain sensitive information via a direct request to db/settings.dat, which displays usernames and password hashes. • http://marc.info/?l=bugtraq&m=111402253108991&w=2 http://secunia.com/advisories/15015 http://www.osvdb.org/15695 https://exchange.xforce.ibmcloud.com/vulnerabilities/20177 •