Information disclosure

MicroBlog 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by init.php and certain other files...

Information disclosure

Arctic Fox CMS 0.9.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by acp/includes/edit.inc.php and certain other files...

UBUNTU-CVE-2011-3740

FrontAccounting 2.3.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by reporting/includes/fpdi/fpdi2tcpdfbridge.php and certain other files...

CVE-2011-3755

MantisBT 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewallinc.php and certain other files...

Information disclosure

Drupal 7.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/simpletest/tests/upgrade/drupal-6.upload.database.php and certain other files...

UBUNTU-CVE-2011-3744

HTML Purifier 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/PHPT/Reporter/SimpleTest.php and certain other files...

UBUNTU-CVE-2011-3699

John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/test-active-record.php and certain other files...

CVE-2011-3698

AdaptCMS 2.0.2 Beta allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/pollvote.php and certain other files...

CVE-2011-3702

Ananta Gazelle 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/template.php and certain other files...

CVE-2011-3704

appRain 0.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by cron.php...

CVE-2011-3720

conceptcms 5.3.1, 5.3.3, and possibly other versions allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by syslibs/umlib/umauthserver.inc.php and certain other files...

CVE-2011-3744

HTML Purifier 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/PHPT/Reporter/SimpleTest.php and certain other files...

CVE-2011-3704

CVE-2011-3704 affects appRain 0.1.0, where a direct request to a PHP file can disclose the installation path in an error message (demonstrated via cron.php). This is an information-disclosure flaw that enables remote attackers to learn sensitive directory structure information. The public records...

CVE-2011-3718

CMS Made Simple CMSMS 1.9.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/TinyMCE/TinyMCE.module.php and certain other files. NOTE: this might overlap CVE-2007-5444...

CVE-2011-3742

HelpCenter Live 2.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/HelpCenter/index.php and certain other files...

CVE-2011-3697

Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraphradar.php and certain other files...

CVE-2011-3759

MyBB aka MyBulletinBoard 1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/3rdparty/diff/Diff/ThreeWay.php and certain other files...

CVE-2011-3706

ATutor 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by users/toolsettings.inc.php and certain other files...

CVE-2011-3758

CVE-2011-3758 affects the package “::mound::” version 2.1.6 . A remote attacker can obtain sensitive information by directly requesting a PHP file, causing an error message that reveals the installation path (e.g., lib/smarty/libs/sysplugins/smarty_internal_template.php and related files). The pr...

CVE-2011-3752

CVE-2011-3752 affects LimeSurvey 1.90+ build9642-20101214. The issue is an information disclosure where remote attackers can trigger a direct request to a PHP file (e.g., admin/statistics.php) that reveals the installation path in an error message. This is described across multiple documents (NVD...