Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.
The Net Guys ASPired2poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2poll.mdb.
Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini.
cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path."
evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.mdb.
ForumApp 3.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/8690.mdb or (2) data/8690BAK.mdb.
CodefixerSoftware MailingListPro Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to db/MailingList.mdb.
MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to mycal.mdb.
Easy Content Management Publishing stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database/News.mdb.
Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack).
ASP Football Pool 2.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for NFL.mdb.
TorrentTrader Classic 1.09 allows remote attackers to (1) obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function; and allows remote attackers to (2) obtain other potentially sensitive information via a direct request to check.php.
R2 Newsletter Lite, Pro, and Stats stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for admin.mdb.
fipsCMS Light 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain sensitive information via a direct request for _fipsdb/db.mdb.
Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain usernames and passwords via a direct request for zHk8dEes3.txt.
Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors.
Merlix Educate Server allows remote attackers to bypass intended security restrictions and obtain sensitive information via a direct request to (1) config.asp and (2) users.asp.
BlogHelper stores common_db.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request.
JBook stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to userids.mdb.
Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request.
xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Cisco Bug IDs: CSCvg71044.
PreProjects Pre Classified Listings stores pclasp.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
Team PHP PHP Classifieds Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for admin/backup/datadump.sql.
A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network Plug and Play component performs incomplete validation when configured to use secure unique device identifiers (SUDI) for authentication. An attacker who controls a Cisco device that supports SUDI authentication and has connectivity to an affected NSO system could exploit this vulnerability. The attacker would need to leverage information about the devices that are being registered on the NSO server to send crafted Cisco Network Plug and Play authentication packets to an affected system. A successful exploit could allow the attacker to gain unauthorized access to configuration data for devices that will be managed by the NSO system.
ASP User Engine.NET stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for users.mdb.
ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb.
YourPlace 1.0.2 and earlier allows remote attackers to obtain sensitive system information via a direct request via a direct request to user/uploads/phpinfo.php, which calls the phpinfo function.
PreProjects Pre E-Learning Portal stores db_elearning.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb.
MetaCart Free stores metacart.mdb under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords via a direct request.
CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via a direct request.
RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict access to unspecified user profile functionality, which allows remote attackers to obtain the administrator password hash and conduct brute force guessing attacks.
PreProjects Pre Resume Submitter stores onlineresume.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb.
ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords.
Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies.
PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb.
ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb.
hyBook Guestbook Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for hyBook.mdb.
ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb.
Nukedit 4.9.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for database/dbsite.mdb.
Facto stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for database/facto.mdb. NOTE: some of these details are obtained from third party information.
ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb.
Todd Woolums ASP News Management 2.2 allows remote attackers to obtain news items via a direct request to (1) rss.asp, (2) viewheadings.asp, or (3) viewnews.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Cold BBS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for db/cforum.mdb.
Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb.
Ocean12 Calendar Manager Gold 2.04 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12cal.mdb.
Merlix Teamworx Server stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb.