CVE-2005-3132

MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to bwlistinc.html, which reveals the path in an error message...

CVE-2005-2887

MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to 1 wiki.php, 2 AutoTheme directory, 3 Blocks directory, 4 admin.php, 5 pnadmin.php, or 6 Topics directory, which reveal the path in an error message...

CVE-2005-2895

setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to obtain sensitive information via a %00 a null byte in the u parameter, which reveals the path in an error message...

CVE-2005-2897

WEB//NEWS 1.4 allows remote attackers to obtain sensitive information via a direct request to files in the actions directory, which reveal the path in an error message, as demonstrated using cat.add.php...

CVE-2005-2897

WEB//NEWS 1.4 allows remote attackers to obtain sensitive information via a direct request to files in the actions directory, which reveal the path in an error message, as demonstrated using cat.add.php...

Fedora Core 3 : postgresql-7.4.7-3.FC3.1 (2005-157)

Mon Feb 21 2005 Tom Lane 7.4.7-3.FC3.1 - Work around selinux EOF problem during initdb bug 149237. - Repair improper error message in init script when PGVERSION doesn't match. - Arrange for auto update of version embedded in init script. - Fix improper call of strerrorr, which leads to junk error...

CVE-2005-2732

AWStats 6.4, and possibly earlier versions, allows remote attackers to obtain sensitive information via a file that does not exist in the config parameter, which reveals the path in an error message...

CVE-2005-2730

The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message...

CVE-2005-2576

CaLogic 1.22 (and possibly earlier) is affected by CVE-2005-2576. A remote attacker can cause an information disclosure by requesting any of the following endpoints: doclsqlres.php, clmcpreload.php, viewhistlog.php, mcconfig.php, doclsqlbak.php, defcalsel.php, or cl_minical.php. The vulnerability...

CVE-2005-2546

Arab Portal 2.0 allows remote attackers to obtain sensitive information via a long 1 username or 2 password, which reveals the path in an error message when the undefined "errmsg" function is called...

CVE-2005-2474

ChurchInfo allows remote attackers to execute obtain sensitive information via the PersonID parameter to 1 PersonView.php, 2 MemberRoleChange.php, 3 PropertyAssign.php, 4 WhyCameEditor.php, 5 GroupPropsEditor.php, 6 Reports/PDFLabel.php, or 7 UserDelete.php, an invalid Number parameter to 8...

CVE-2005-2477

shopdisplayproducts.php in Naxtor Shopping Cart 1.0 allows remote attackers to obtain sensitive information via a catid with a "'" single quote, which reveals the path in an error message, possibly due to an SQL injection vulnerability...

CVE-2004-2296

The previewreview function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which generates an error message...

CVE-2005-2423

Technical details are not publicly available in the provided documents. Monitor for updates from official advisories to obtain affected products, vulnerable components, impact, and remediation.

CVE-2005-2436

CVE-2005-2436 affects Website Baker Project. Affected functionality: browse.php allows remote disclosure of sensitive data. Root cause: error messages reveal the filesystem path when accessing (1) a non-existent dir parameter value or (2) direct requests to certain PHP files. Impact: partial conf...

CVE-2005-2433

PhpList allows remote attackers to obtain sensitive information via a direct request to 1 about.php, 2 connect.php, 3 domainstats.php or 4 usercheck.php in publichtml/lists/admin directory, 5 attributes.php, 6 dbcheck.php, 7 importcsv.php, 8 user.php, 9 usermgt.php, or 10 users.php in...

CVE-2005-2289

PHPCounter 7.2 allows remote attackers to obtain sensitive information via a direct request to prelims.php, which reveals the path in an error message...

FreeBSD : cups-lpr -- lppasswd multiple vulnerabilities (7850a238-680a-11d9-a9e7-0001020eed82)

D. J. Bernstein reports that Bartlomiej Sieka has discovered several security vulnerabilities in lppasswd, which is part of CUPS. In the following excerpt from Bernstein's email, CVE names have been added for each issue : First, lppasswd blithely ignores write errors in fputsline,outfile at lines...

FreeBSD : phpmyadmin -- information disclosure vulnerability (a7062952-9023-11d9-a22c-0001020eed82)

A phpMyAdmin security announcement reports : By calling some scripts that are part of phpMyAdmin in an unexpected way especially scripts in the libraries subdirectory, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmi...

CVE-2005-2110

WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via 1 a direct request to menu-header.php or a "1" value in the feed parameter to 2 wp-atom.php, 3 wp-rss.php, or 4 wp-rss2.php, which reveal the path in an error message. NOTE: vector 1 was later reported to al...