- The Zend Framework uses a file named <strong>application.ini</strong> where various sensitive data is stored (such as database credentials). This file is located in the <strong>/application/configs</strong> directory. Normally this file is not dirrectly accessible but some developers improperly set the application root and make this file acessible from the web.
- Restrict access to this file or set your document_root to myapp/public and not myapp.. To restrict access to the file, create a .htaccess file in the directory "/application/configs" that contains the following line: <code><pre> deny from all </code> </pre>
- Apache Tomcat "allowLinking" on Case Insensitive Filesystems
- WordPress Plugin DZS Video Gallery Information Disclosure (3.1.3)
- WordPress Plugin WP-DBManager 'wp-config.php' Arbitrary File Download (2.60)
- Tiki Wiki CMS: Remote Code Execution via Calendar Module
- WordPress Plugin wp superb Slideshow Information Disclosure (2.4)