A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device.
A vulnerability in the Simple Object Access Protocol (SOAP) of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to a lack of proper access and authentication controls on the affected TMS software. An attacker could exploit this vulnerability by gaining access to internal, trusted networks to send crafted SOAP calls to the affected device. If successful, an exploit could allow the attacker to access system management tools. Under normal circumstances, this access should be prohibited.
The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path.
The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, does not properly enforce privilege requirements for unspecified pages, which allows remote attackers to read the (1) title or (2) body of an arbitrary node via unknown vectors.
The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors.
UranyumSoft Listing Service stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/db.mdb.
The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application.
An administration page in the NGP COO/CWP Integration (crmngp) module 6.x before 6.x-1.12 for Drupal does not perform the expected access control, which allows remote attackers to read log information via unspecified vectors.
fipsCMS Light 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain sensitive information via a direct request for _fipsdb/db.mdb.
Siteframe 3.2.3, and other 3.2.x versions, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
FlashDen Guestbook allows remote attackers to obtain configuration information via a direct request to amfphp/phpinfo.php, which calls the phpinfo function.
WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message.
The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application.
Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack).
Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb.
TorrentTrader Classic 1.09 allows remote attackers to (1) obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function; and allows remote attackers to (2) obtain other potentially sensitive information via a direct request to check.php.
chaozzDB 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv.
PacPoll 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) poll.mdb or (2) poll97.mdb.
Zakkis Technology ABC Advertise 1.0 does not properly restrict access to admin.inc.php, which allows remote attackers to obtain the administrator login name and password via a direct request.
PAD Site Scripts 3.6 stores sensitive information under the web document root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for dbbackup.txt.
DMXReady Registration Manager 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for databases/webblogmanager.mdb.
FubarForum 1.6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv.
Piwik 0.2.32 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh.
FireAnt 1.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv.
aspWebCalendar Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for calendar/calendar.mdb.
Web File Explorer 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/db.mdb.
Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for data/team.mdb.
Katy Whitton RankEm stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for database/topsites.mdb.
Katy Whitton BlogIt! stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for database/Blog.mdb. NOTE: some of these details are obtained from third party information.
Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain usernames and passwords via a direct request for zHk8dEes3.txt.
Virtual GuestBook (vgbook) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to guestbook.mdb.
Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-4033.
Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.
BlogHelper stores common_db.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request.
Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the file containing the administrator's password hash via a direct request for config/password.
Kipper 2.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing credentials via a direct request for job/config.data.
Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504.
JBook stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to userids.mdb.
BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote attackers to obtain copies of the database via a direct request.
MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to mycal.mdb.
Easy Content Management Publishing stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database/News.mdb.
ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb.
ASP User Engine.NET stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for users.mdb.
The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb.
YourPlace 1.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to a database containing user credentials via a direct request for users.txt.
Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request.
RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict access to unspecified user profile functionality, which allows remote attackers to obtain the administrator password hash and conduct brute force guessing attacks.
Team PHP PHP Classifieds Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for admin/backup/datadump.sql.
CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via a direct request.
cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path."