Lucene search
K

80 matches found

OSV
OSV
added 2016/10/22 3:59 a.m.4 views

CVE-2016-0242

IBM Security Guardium 10.x through 10.1 before p100 allows remote authenticated users to obtain sensitive information by reading an Application Error message...

4.3CVSS5.8AI score0.0084EPSS
Exploits0References2
CNVD
CNVD
added 2015/09/27 12:0 a.m.3 views

IBM OpenPages GRC Platform Information Disclosure Vulnerability

IBM OpenPages GRC Platform is a suite of governance, risk and compliance platforms for managing enterprise risk and compliance challenges. IBM OpenPages GRC Platform has a security vulnerability that allows a remote attacker to submit a special request to obtain sensitive information from an erro...

4CVSS6.5AI score0.00966EPSS
Exploits0References1
OSV
OSV
added 2015/02/11 5:57 p.m.4 views

USN-2499-1 postgresql-8.4, postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities

Stephen Frost discovered that PostgreSQL incorrectly displayed certain values in error messages. An authenticated user could gain access to seeing certain values, contrary to expected permissions. CVE-2014-8161 Andres Freund, Peter Geoghegan and Noah Misch discovered that PostgreSQL incorrectly...

9.8CVSS6.9AI score0.05533EPSS
Exploits0References5
OSV
OSV
added 2013/07/29 2:6 p.m.12 views

MGASA-2013-0238 Updated phpmyadmin packages fix security vulnerabilities

Using a crafted SQL query, it was possible to produce an XSS on the SQL query form PMASA-2013-8CVE-2013-4995. In the setup/index.php, using a crafted hash with a Javascript event, untrusted JS code could be executed. In the Display chart view, a chart title containing HTML code was rendered...

6.5CVSS6.2AI score0.01832EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2008/10/21 6:0 p.m.4 views

CVE-2008-4638

qioadmin in the Quick I/O for Database feature in Symantec Veritas File System VxFS on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message...

4.6CVSS5.7AI score0.00325EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2008/03/18 7:22 p.m.7 views

krb5: possible leak of sensitive data from krb5kdc using krb4 request

The Kerberos 4 support in KDC in MIT Kerberos 5 krb5kdc does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."...

7.5CVSS7.4AI score0.03478EPSS
Exploits1References4
Cvelist
Cvelist
added 2005/03/07 5:0 a.m.24 views

CVE-2005-0659

phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message...

6.1AI score0.01548EPSS
Exploits1References4
Cvelist
Cvelist
added 2005/02/20 5:0 a.m.17 views

CVE-2004-1600

index.php in CoolPHP 1.0-stable allows remote attackers to gain sensitive information via an invalid op parameter, which reveals the path in an error message...

6.5AI score0.01548EPSS
Exploits1References4
NVD
NVD
added 2005/01/10 5:0 a.m.14 views

CVE-2004-1226

SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter...

5CVSS6.6AI score0.01212EPSS
Exploits0References2
NVD
NVD
added 2005/01/10 5:0 a.m.11 views

CVE-2004-1102

MailPost 5.1.1sv, and possibly earlier versions, displays a different error message depending on whether the requested file exists or not, which allows remote attackers to gain sensitive information...

5CVSS6.9AI score0.0879EPSS
Exploits1References4
Cvelist
Cvelist
added 2004/07/23 4:0 a.m.17 views

CVE-2004-0729

PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid 1 categoryrows parameter to index.php, 2 faq parameter to faq.php, or 3 ranksrow parameter to profile.php, which reveal the full path in an error message...

6.5AI score0.01425EPSS
Exploits0References5
exploitpack
exploitpack
added 2003/09/25 12:0 a.m.20 views

SBox 1.0.4 - Full Path Disclosure

SBox 1.0.4 - Full Path Disclosure source: https://www.securityfocus.com/bid/8705/info sbox has been reported prone to a path disclosure vulnerability. The issue has been reported to present itself when a HTTP request is made for a CGI resource that does not exist. sbox will reportedly return an...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/08/09 12:0 a.m.24 views

geeeekShop 1.4 - Information Disclosure

source: https://www.securityfocus.com/bid/8380/info geeeekShop is prone to multiple information disclosure vulnerabilities. Passing invalid data as URI parameters to geeeekShop scripts, will cause an error message to be displayed, which contains installation path information. Additionally it has...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/05/29 12:0 a.m.31 views

M-TECH P-Synch 6.2.5 - Full Path Disclosure

source: https://www.securityfocus.com/bid/7740/info Reportedly an attacker may make a malicious HTTP request for specific P-Synch executables passing an empty URI parameter to trigger the condition. Although unconfirmed, it is likely that the request will cause P-Sync to display an error message...

7AI score
Exploits0
OSV
OSV
added 2003/05/12 4:0 a.m.12 views

CVE-2003-0190

OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...

6.3AI score
Exploits0References13
NVD
NVD
added 2002/12/31 5:0 a.m.20 views

CVE-2002-2008

Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message...

5CVSS6.4AI score0.0711EPSS
Exploits0References7
securityvulns
securityvulns
added 2002/05/21 12:0 a.m.36 views

Multiple bugs in hostingcontroller

Different error message on wrong user name and password makes it possible to check account existance. Directory traversal allows to access files outside web root...

4.1AI score
Exploits0References4Affected Software1
exploitpack
exploitpack
added 2002/03/21 12:0 a.m.19 views

PHP-Nuke 5.x - Error Message Web Root Disclosure

PHP-Nuke 5.x - Error Message Web Root Disclosure source: https://www.securityfocus.com/bid/4333/info PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site. A vulnerability has been reported in some versions of PHP-Nuke. Reportedly, a...

7.4AI score
Exploits0
NVD
NVD
added 2001/08/31 4:0 a.m.19 views

CVE-2000-1191

htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path...

5CVSS6.4AI score0.03046EPSS
Exploits0References4
exploitpack
exploitpack
added 2000/07/20 12:0 a.m.19 views

Apache Tomcat 3.1 - Path Revealing

Apache Tomcat 3.1 - Path Revealing source: https://www.securityfocus.com/bid/1531/info A vulnerability exists in the JSP portion of the Tomcat package, version 3.1, from the Apache Software Foundation. Upon hitting an nonexistent JSP file, too much information is presented by the server as part o...

7.4AI score
Exploits0
Rows per page
Query Builder