187 matches found
Schneider Electric U.motion Builder Error Message Path Vulnerability
U.motion Builder is a builder product from Schneider Electric France. An error message path vulnerability exists in Schneider Electric U.motion Builder. An exception message containing sensitive path information is returned to an attacker. This allows an attacker to exploit the vulnerability to...
Joomla! information disclosure vulnerability (CNVD-2017-06885)
Joomla is an open source, cross-platform content management system CMS developed using PHP and MySQL. An information disclosure vulnerability exists in Joomla! that can be exploited by remote attackers to submit a special request for sensitive path information...
UBUNTU-CVE-2016-10202
Cross-site scripting XSS vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php...
Pornhub: Debug.log file Exposed to Public \Full Path Disclosure\
The researcher discovered a debug log file exposing path information...
Directory Traversal Through Malformed URI
httpcore5 and httpclient are vulnerable to directory traversal attacks. The vulnerability is possible because the string input by user is not validated for the presence of leading character / and is passed to the constructor as path information...
Wordpress Twentyfourteen Theme Path Information Disclosure Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL.Twentyfourteen is a default theme for WordPress. A path information disclosure vulnerability exists in the Wordpress...
PT-2016-5685 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.10.4 Foreman versions 1.11.x prior to 1.11.2 Description: The issue allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH INFO to "tftp/". This is due to an eval injection...
CVE-2016-1955
Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy CSP violation report that contains path information associated with an IFRAME element...
CVE-2016-1955
Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy CSP violation report that contains path information associated with an IFRAME element...
UBUNTU-CVE-2016-1955
Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy CSP violation report that contains path information associated with an IFRAME element...
phpLiteAdmin Cross-Site Scripting Vulnerability
phpLiteAdmin is a software developer Dane Iracleous developed a set of PHP implementation and Web-based open-source SQLite database management tool . A cross-site scripting vulnerability exists in phpLiteAdmin version 1.1, which stems from a failure of the phpliteadmin.php script to adequately...
UBUNTU-CVE-2014-9743
Cross-site scripting XSS vulnerability in the httpdHtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info...
DEBIAN-CVE-2014-9743
Cross-site scripting XSS vulnerability in the httpdHtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info...
CVE-2015-3187
The svnrepostracenodelocations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path...
CVE-2015-3187
The svnrepostracenodelocations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path...
Path traversal
The svnrepostracenodelocations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path...
CVE-2015-3187
The svnrepostracenodelocations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path...
CVE-2015-3187
CVE-2015-3187 affects Apache Subversion: the svn_repos_trace_node_locations function in Subversion before 1.7.21 and in 1.8.x before 1.8.14 can disclose sensitive path information. When path-based authorization is used, remote authenticated users could read the history of a node that has been mov...
CVE-2015-3187
The svnrepostracenodelocations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path...
CVE-2015-3187
The svnrepostracenodelocations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path...