CWE-264

Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb.

Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb.

Ocean12 Poll Manager Pro 1.00 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12poll.mdb.

Ocean12 Calendar Manager Gold 2.04 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12cal.mdb.

ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remote attackers to bypass an intended CVE-2008-1447 protection mechanism and spoof the responses to DNS queries sent by named.

Sweex RO002 Router with firmware Ts03-072 has “rdc123” as its default password for the “rdc123” account, which makes it easier for remote attackers to obtain access. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.