
3856 matches found

FreeBSD
added 2005/02/22 12:0 a.m. | 35 views

phpmyadmin -- information disclosure vulnerability

A phpMyAdmin security announcement reports: By calling some scripts that are part of phpMyAdmin in an unexpected way (especially scripts in the libraries subdirectory), it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin...

CVSS 5 | AI score 6.4 | EPSS 0.01457
Exploits 0 | References 1
Cvelist
added 2005/02/20 5:0 a.m. | 15 views

CVE-2004-1577

index.php in PHP Links allows remote attackers to gain sensitive information via an invalid show parameter, which reveals the full path in an error message...

AI score 6.6 | EPSS 0.01181
Exploits 0 | References 2
Cvelist
added 2005/02/20 5:0 a.m. | 17 views

CVE-2004-1677

pdesk.cgi in PerlDesk allows remote attackers to gain sensitive information via an invalid lang parameter, which includes pathname information in an error message...

AI score 6.5 | EPSS 0.01548
Exploits 1 | References 3
CVE
added 2005/02/20 5:0 a.m. | 45 views

CVE-2004-1600

CVE-2004-1600 affects index.php in CoolPHP 1.0-stable, where a malformed op parameter allows remote attackers to reveal the path in an error message, exposing sensitive information (NVD: CVSSv2 base 5.0, MEDIUM). The issue is described consistently across NVD/CVE references; no remediation or exp...

CVSS 5 | AI score 6.9 | EPSS 0.01548
Exploits 1 | References 4 | Affected Software 1
Cvelist
added 2005/02/20 5:0 a.m. | 14 views

CVE-2004-1600

index.php in CoolPHP 1.0-stable allows remote attackers to gain sensitive information via an invalid op parameter, which reveals the path in an error message...

AI score 6.5 | EPSS 0.01548
Exploits 1 | References 4
Cvelist
added 2005/02/20 5:0 a.m. | 19 views

CVE-2004-1662

YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message...

AI score 6.1 | EPSS 0.0155
Exploits 1 | References 3
Cvelist
added 2005/02/19 5:0 a.m. | 18 views

CVE-2004-1509

validate.php in WebCalendar allows remote attackers to gain sensitive information via an invalid encodedlogin parameter, which reveals the full path in an error message...

AI score 6.5 | EPSS 0.01582
Exploits 1 | References 4
Cvelist
added 2005/02/17 5:0 a.m. | 21 views

CVE-2005-0459

phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to selectlang.lib.php, which reveals the path in a PHP error message...

AI score 6.8 | EPSS 0.01386
Exploits 1 | References 1
RedHat Linux
added 2005/02/15 10:20 a.m. | 1 views

security flaw

Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message...

CVSS 6.8 | AI score 6.1 | EPSS 0.02273
Exploits 0 | References 4
RedHat Linux
added 2005/02/15 9:47 a.m. | 2 views

security flaw

lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers...

CVSS 2.1 | AI score 5.8 | EPSS 0.00454
Exploits 1 | References 4
Cvelist
added 2005/02/15 5:0 a.m. | 17 views

CVE-2005-0085

Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message...

AI score 5.7 | EPSS 0.02273
Exploits 0 | References 18
Cvelist
added 2005/02/15 5:0 a.m. | 18 views

CVE-2005-0433

Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) WebLinks/index.php, which lists the path in a PHP error message...

AI score 6.8 | EPSS 0.01689
Exploits 1 | References 3
Debian CVE
added 2005/02/15 5:0 a.m. | 20 views

CVE-2005-0085

Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message...

CVSS 6.8 | AI score 6 | EPSS 0.02273
Exploits 0
NVD
added 2005/02/15 5:0 a.m. | 21 views

CVE-2005-0433

Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) WebLinks/index.php, which lists the path in a PHP error message...

CVSS 5 | AI score 6.8 | EPSS 0.01689
Exploits 1 | References 3
securityvulns
added 2005/02/14 12:0 a.m. | 40 views

ht://Dig HTTP indexing and searching system cross-site scripting

Cross-site scripting vulnerability during error message generation...

AI score 0.3
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2005/02/12 5:0 a.m. | 19 views

CVE-2004-1410

Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing error message, a different vulnerability than CVE-2004-1229...

AI score 5.7 | EPSS 0.01703
Exploits 0 | References 4
CVE
added 2005/02/12 5:0 a.m. | 45 views

CVE-2004-1428

CVE-2004-1428 affects ArGoSoft FTP Server before 1.4.2.1. The authentication error message differs for nonexistent usernames, enabling remote attackers to enumerate valid usernames. This information disclosure can facilitate dictionary attacks against the remote host. A fix is available: upgrade ...

CVSS 5 | AI score 6.7 | EPSS 0.02837
Exploits 0 | References 8 | Affected Software 1
Atlassian
added 2005/02/10 3:49 p.m. | 24 views

Logon with wrong user/password gives 'weird' errorpage.

Error screen after wrong login is 'weird'...

AI score 0.9
Exploits 0
Cvelist
added 2005/02/10 5:0 a.m. | 15 views

CVE-2005-0326

pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive information via an invalid or missing action parameter, which reveals the path in an error message when it cannot include a login.php script...

AI score 6.5 | EPSS 0.01181
Exploits 0 | References 2
CVE
added 2005/02/06 5:0 a.m. | 51 views

CVE-2004-1385

CVE-2004-1385 affects phpGroupWare up to version 0.9.16.003. The vulnerability is an information-disclosure issue where an error message reveals the web server path due to (1) unexpected characters in the session ID (shell metacharacters), (2) an invalid appname parameter to preferences.php, or (...

CVSS 5 | AI score 6.5 | EPSS 0.07324
Exploits 1 | References 4 | Affected Software 1