RSS   Vulnerabilities for 'Pad site scripts'   RSS

2009-06-05
 
CVE-2009-1941

CWE-264
 

 
PAD Site Scripts 3.6 stores sensitive information under the web document root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for dbbackup.txt.

 
2009-05-20
 
CVE-2009-1739

CWE-20
 

 
PAD Site Scripts 3.6 allows remote attackers to bypass authentication and gain privileges as other users, including administrative privileges, by setting the authuser cookie parameter to a valid username.

 


Copyright 2024, cxsecurity.com

 

Back to Top