CVE-2008-1181
Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to obtain sensitive information via a direct request for remediate.cgi without certain parameters, which reveals the path in an "Execute failed" error message...
Information disclosure
Spyce - Python Server Pages PSP 2.1.3 allows remote attackers to obtain sensitive information via a direct request for spyce/examples/automaton.spy, which reveals the path in an error message...
Unrestricted file upload
Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures...
CVE-2008-0636
Level Platforms, Inc. LPI Managed Workplace Service Center 4.x, 5.x and 6.x allows remote attackers to obtain sensitive information via a direct request to About/SCAbout.htm, which provides version and patch information...
Unrestricted file upload
Unrestricted file upload vulnerability in cpuploadimage.php in LightBlog 9.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the blog's root directory...
Information disclosure
Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal...
CVE-2008-0260
minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function...
CVE-2008-0260
CVE-2008-0260 affects minimal Gallery 0.8. The issue is an information-disclosure vulnerability where an attacker can remotely obtain configuration information by requesting php_info.php, which invokes phpinfo. The exposed data could include server configuration details and environment settings. ...
CVE-2008-0148
TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request...
Information disclosure
TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function...
CVE-2008-0149
TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function...
Improper access control
March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz...
CVE-2007-6638
March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz...
Design/Logic Flaw
OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) shared/footer.php, (2) circ/mbrfields.php, or (3) admin/custommarcformfields.php, which reveals the path in various error messages...
CVE-2007-6512
PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc...
Improper access control
Flat PHP Board 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for the username php file for any user account in users/...
CVE-2007-6271
CVE-2007-6271 affects Absolute News Manager.NET 5.1. The vulnerability is an information disclosure: remote attackers can obtain the installation path by requesting getpath.aspx, which leads to an error message revealing path details. The connected sources confirm this specific behavior across mu...
Information disclosure
TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-6221
TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...