CVE-2004-1572 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2004-1572

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

AJ-Fork 167 does not restrict access to directories such as (1) data, (2) inc, (3) plugins, (4) skins, or (5) tools, which allows remote attackers to list files in those directories via a direct HTTP request.

Affected Software

Name	Vendor	Start Version	End Version
Aj-fork	Aj-fork	167 (including)	167 (including)

References

http://echo.or.id/adv/adv07-y3dips-2004.txt
http://marc.info/?l=bugtraq\u0026m=109664986210763\u0026w=2
http://securitytracker.com/id?1011484
http://www.securityfocus.com/bid/11301
https://exchange.xforce.ibmcloud.com/vulnerabilities/17569
http://echo.or.id/adv/adv07-y3dips-2004.txt
http://marc.info/?l=bugtraq\u0026m=109664986210763\u0026w=2
http://securitytracker.com/id?1011484
http://www.securityfocus.com/bid/11301
https://exchange.xforce.ibmcloud.com/vulnerabilities/17569