149 matches found
CVE-2005-3255
The 1 cgiwrap and 2 php-cgiwrap packages before 3.9 in Debian GNU/Linux provide access to debugging CGIs under the web document root, which allows remote attackers to obtain sensitive information via direct requests to those CGIs...
CVE-2005-2956
ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files...
CVE-2005-2381
PHP Surveyor 0.98 allows remote attackers to obtain sensitive information via a direct request to 1 question.php, 2 survey.php, or 3 group.php in the root directory, a direct request to 4 database.php, 5 sessioncontrol.php, 6 html.php, 7 sessioncontrol.php, an invalid 8 qid parameter to...
CVE-2005-2110
WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via 1 a direct request to menu-header.php or a "1" value in the feed parameter to 2 wp-atom.php, 3 wp-rss.php, or 4 wp-rss2.php, which reveal the path in an error message. NOTE: vector 1 was later reported to al...
DEBIAN-CVE-2005-1688
Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in 1 wp-content/themes/, 2 wp-includes/, or 3 wp-admin/, which reveal the path in an error message...
PT-2005-2664 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: Wordpress versions 1.5 and earlier Description: The issue allows remote attackers to obtain sensitive information via a direct request to files in 1 wp-content/themes/, 2 wp-includes/, or 3 wp-admin/, which reveal the path in an error message...
CVE-2005-0544
phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to 1 sqlvalidator.lib.php, 2 sqlparser.lib.php, 3 selecttheme.lib.php, 4 selectlang.lib.php, 5 relationcleanup.lib.php, 6 headermetastyle.inc.php, 7 getforeign.lib.php, 8 displaytbllinks.lib.php, 9...
CVE-2005-0869
phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to 1 class.OpenBSD.inc.php, 2 class.NetBSD.inc.php, 3 class.FreeBSD.inc.php, 4 class.Darwin.inc.php, 5 XPath.class.php, 6 systemheader.php, or 7 systemfooter.php, which reveal the path in a PHP error messa...
CVE-2004-2196
Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to 1 admpages.php, 2 corrpages.php, 3 delblock.php, 4 delpage.php, 5 footer.php, 6 home.php, and others...