ReportizFlow
Filtered by vendor
Subscriptions
Total
5490 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0843 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2026-04-23 | N/A |
| The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information. | ||||
| CVE-2008-5886 | 1 Takempis | 1 Discussion Web | 2026-04-23 | N/A |
| TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for _private/discussion.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5897 | 1 Codeavalanche | 1 Freewallpaper | 2026-04-23 | N/A |
| CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5898 | 1 Codeavalanche | 1 Directory | 2026-04-23 | N/A |
| CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CADirectory.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5899 | 1 Codeavalanche | 1 Freeforall | 2026-04-23 | N/A |
| CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFFAPage.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5925 | 1 Asp-dev | 1 Xm Events Diary | 2026-04-23 | N/A |
| ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb. | ||||
| CVE-2008-6535 | 1 Paypalestores | 1 Paypal Estores | 2026-04-23 | N/A |
| admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter. | ||||
| CVE-2008-5956 | 1 Phpstreet | 1 Webboard | 2026-04-23 | N/A |
| Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request to connect.inc. | ||||
| CVE-2008-5980 | 1 Ocean12 Technologies | 1 Mailing List Manager | 2026-04-23 | N/A |
| Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb. | ||||
| CVE-2008-6001 | 1 Adnforum | 1 Adnforum | 2026-04-23 | N/A |
| index.php in ADN Forum 1.0b and earlier allows remote attackers to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field, and a final :sysop:0 string. | ||||
| CVE-2008-6136 | 1 Drupal | 1 Everyblog | 2026-04-23 | N/A |
| Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to gain privileges as another user or an administrator via unknown attack vectors. | ||||
| CVE-2008-6137 | 1 Drupal | 2 Drupal, Everyblog | 2026-04-23 | N/A |
| EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to bypass access restrictions via unknown vectors. | ||||
| CVE-2008-6147 | 1 Aspapp | 1 Forumapp | 2026-04-23 | N/A |
| ForumApp 3.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/8690.mdb or (2) data/8690BAK.mdb. | ||||
| CVE-2008-6199 | 1 2532gigs | 1 2532gigs | 2026-04-23 | N/A |
| 2532designs 2532|Gigs 1.2.2 and earlier allows remote attackers to trigger a backup and obtain sensitive information via a direct request to backup.php, which creates backup.sql under the web root with insufficient access control. | ||||
| CVE-2008-6291 | 1 Accscripts | 1 Acc Php Email | 2026-04-23 | N/A |
| Acc PHP eMail 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the NEWSLETTERLOGIN cookie to "admin". | ||||
| CVE-2008-6321 | 1 Cfshopkart | 1 Cf Shopkart | 2026-04-23 | N/A |
| CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via a direct request. | ||||
| CVE-2008-6354 | 1 Thenetguys | 1 Aspired2poll | 2026-04-23 | N/A |
| The Net Guys ASPired2poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2poll.mdb. | ||||
| CVE-2008-6355 | 1 Thenetguys | 1 Aspired2protect | 2026-04-23 | N/A |
| The Net Guys ASPired2Protect stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2Protect.mdb. | ||||
| CVE-2008-6382 | 1 Aspportal | 1 Aspportal | 2026-04-23 | N/A |
| ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb. | ||||
| CVE-2009-4585 | 1 Aspindir | 1 Uranyumsoft Listing Service | 2026-04-23 | N/A |
| UranyumSoft Listing Service stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/db.mdb. | ||||