Septemb0X

#9658de 53,638
28.6CVSS total
Vulnerabilidades · 4
Média
2
Alta
2
PT-2009-5515
5.0
2009-09-15
Uebimiau · Uebimiau Webmail · CVE-2009-3199
**Name of the Vulnerable Software and Affected Versions** Uebimiau Webmail version 3.2.0-2.0 **Description** The issue allows remote attackers to download a database containing usernames and password hashes by making a direct request for the "system admin/admin.ucf" file. This is possible due to insufficient access control over sensitive information stored under the web root. **Recommendations** For Uebimiau Webmail version 3.2.0-2.0, consider restricting access to the "system admin/admin.ucf" file to prevent unauthorized downloads of the database. Additionally, review and improve access controls over sensitive information stored under the web root to prevent similar issues.
PT-2009-4824
9.3
2009-07-09
Dm · Dm Albums · CVE-2009-2396
**Name of the Vulnerable Software and Affected Versions** DM Albums version 1.9.2 **Description** A remote file inclusion issue in the template/album.php file allows remote attackers to execute arbitrary PHP code via a URL in the `SECURITY FILE` parameter. **Recommendations** For DM Albums version 1.9.2, consider restricting access to the `template/album.php` file until a patch is available, and avoid using the `SECURITY FILE` parameter in the affected endpoint.
PT-2009-4827
6.8
2009-07-09
Dm · File Manager · CVE-2009-2399
**Name of the Vulnerable Software and Affected Versions** DM FileManager version 3.9.4 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `SECURITY FILE` parameter when `register globals` is enabled. **Recommendations** For DM FileManager version 3.9.4, consider disabling the `register globals` setting to prevent exploitation until a patch is available. Restrict access to the `album.php` file in the `dm-albums/template` directory to minimize the risk of exploitation. Avoid using the `SECURITY FILE` parameter in the affected URL until the issue is resolved.
PT-2009-4737
7.5
2009-07-02
Ard · Ard-9808 Dvr Card · CVE-2009-2306
**Name of the Vulnerable Software and Affected Versions** ARD-9808 DVR card (affected versions not specified) **Description** The issue concerns the storage of sensitive information under the web root with insufficient access control. This allows remote attackers to download a file containing usernames and passwords via a direct request for "dvr.ini". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.