Page 2 of 34 results (0.012 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 3

Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb. Angelo-Emlak v1.0 almacena información sensible bajo el directorio web raíz con un control de acceso insuficiente, lo que permite a atacantes remotos descargar la base de datos a través de una petición directa a veribaze/angelo.mdb. • https://www.exploit-db.com/exploits/10576 http://osvdb.org/61228 http://secunia.com/advisories/37724 http://www.exploit-db.com/exploits/10576 https://exchange.xforce.ibmcloud.com/vulnerabilities/54946 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

LookMer Music Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for dbmdb/LookMerSarkiMDB.mdb. LookMer Music Portal almacena información sensible bajo el directorio web raíz con un control de acceso insuficiente, lo que permite a atacantes remotos descargar la base de datos a través de una petición directa a dbmdb/LookMerSarkiMDB.mdb. • http://osvdb.org/61845 http://secunia.com/advisories/38247 http://www.packetstormsecurity.com/1001-exploits/lookmer-disclose.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/55751 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 3

Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb. Erolife AjxGaleri VT almacena información sensible en la raíz web con insuficientes controles de acceso, lo que permite a atacantes remotos descargar una base de datos a través de una petición directa para db/ajxgaleri.mdb. • https://www.exploit-db.com/exploits/11023 http://packetstormsecurity.org/1001-exploits/erolife-disclose.txt http://secunia.com/advisories/38033 http://www.exploit-db.com/exploits/11023 https://exchange.xforce.ibmcloud.com/vulnerabilities/55446 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 3

UranyumSoft Listing Service stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/db.mdb. UranyumSoft Listing Service almacena información sensible bajo el directorio raíz web con insuficientes accesos de control, lo que permite a atacantes remotos descargar una base de datos a trav´se de una petición directa para database/db.mbd. • https://www.exploit-db.com/exploits/10823 http://packetstormsecurity.org/0912-exploits/uranyumsoft-disclose.txt http://secunia.com/advisories/37912 http://www.exploit-db.com/exploits/10823 http://www.osvdb.org/61396 https://exchange.xforce.ibmcloud.com/vulnerabilities/55220 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2

Multiple SQL injection vulnerabilities in Shader TV (Beta) allow remote authenticated administrators to execute arbitrary SQL commands via the sid parameter to (1) kanal.asp, (2) google.asp, and (3) hakk.asp in yonet/; and allow remote attackers to execute arbitrary SQL commands via the (4) username or (5) password fields to yonet/default.asp. Múltiples vulnerabilidades de inyección SQL en Shader TV (Beta) permite a administrador remotos autenticados ejecutar comandos SQL de forma arbitraria a través del parámetro "sid" a (1) kanal.asp, (2) google.asp, y (3) hakk.asp en yonet/; y permite a atacantes remotos ejecutar comandos SQL a través de los campos (4) "username" y (5) "password" a yonet/default.asp. • https://www.exploit-db.com/exploits/5564 http://www.securityfocus.com/bid/29091 https://exchange.xforce.ibmcloud.com/vulnerabilities/42261 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •