187 matches found
UBUNTU-CVE-2011-1723
Cross-site scripting XSS vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained from third party information...
CVE-2011-1671
Cross-site scripting XSS vulnerability in app/controllers/todoscontroller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to todos/tag/. NOTE: some of these details are obtained from third party information...
DEBIAN-CVE-2010-3070
Cross-site scripting XSS vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to an arbitrary PHP script that uses NuSOAP classes...
dedecms 5.5 procedure leaked site path information-vulnerability warning-the black bar safety net
Vulnerability description: dedecms 5.5 procedure leaked site path information. Test address: http://www.dedecms.com/plus/paycenter/alipay/returnurl.php http://www.dedecms.com/plus/paycenter/cbpayment/autoreceive.php http://www.dedecms.com/plus/paycenter/nps/configpaynps.php...
dedecms proof path for the latest vulnerability-vulnerability warning-the black bar safety net
Vulnerability description: dedecms 5.5 procedure leaked site path information. As shown in Figure: ! Test address: http://www.dedecms.com/plus/paycenter/alipay/retur... http://www.dedecms.com/plus/paycenter/cbpayment/au... http://www.dedecms.com/plus/paycenter/nps/configp...
Invision Power Board (IP.Board) 3.0 - Multiple HTML Injection / Information Disclosure Vulnerabilities
source: https://www.securityfocus.com/bid/34725/info Invision Power Board is prone to an information-disclosure issue and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to determine path information or to...
Discuz! 路径信息泄露漏洞
目录\ucclient\data\cache,\forumdata\cache等下面的文件里对如:br / br / $CACHE'settings' = array br / 'accessemail' = '',br / 'censoremail' = '',br / 'censorusername' = '',br / 'dateformat' = 'y-n-j',br / 'doublee' = '1',br / 'nextnotetime' = '0',br / 'timeoffset' = '28800',br / ;br / br / br /...
mod_perl PerlRun denial of service
PerlRun.pm in Apache modperl before 1.30, and RegistryCooker.pm in modperl 2.x, does not properly escape PATHINFO before use in a regular expression, which allows remote attackers to cause a denial of service resource consumption via a crafted URI...
CVE-2008-0978
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to obtain sensitive information via a packet of type 1 0x2728, which provides operating system and path information; 2 0x274e, which lists Ethernet adapters; 3...
Design/Logic Flaw
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to obtain sensitive information via a packet of type 1 0x2728, which provides operating system and path information; 2 0x274e, which lists Ethernet adapters; 3...
php cross-site cookie insertion
The sessionstart function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from 1 PATHINFO, 2 the sessionid function, and 3 the sessionstart function, which...
php cross-site cookie insertion
The sessionstart function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from 1 PATHINFO, 2 the sessionid function, and 3 the sessionstart function, which...
php cross-site cookie insertion
The sessionstart function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from 1 PATHINFO, 2 the sessionid function, and 3 the sessionstart function, which...
DEBIAN-CVE-2007-4048
Cross-site scripting XSS vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATHINFO...
Apache AXIS 1.0 - Non-Existent WSDL Path Information Disclosure
Apache AXIS 1.0 - Non-Existent WSDL Path Information Disclosure source: https://www.securityfocus.com/bid/23687/info Apache AXIS is prone to a path-information-disclosure vulnerability. Remote unauthorized attackers may be able to determine webserver directory paths. Information obtained may aid...
CVE-2007-2253
Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for 1 sdk/blanks/formcontrol.php and 2 sdk/blanks/filemodules.php...
Path traversal
Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for 1 sdk/blanks/formcontrol.php and 2 sdk/blanks/filemodules.php...
CVE-2007-2253
CVE-2007-2253 affects Exponent CMS 0.96.6 Alpha and earlier. The vulnerability is a path disclosure where remote attackers can obtain path information by directly requesting (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php. The connected documents provide these concrete affected...
DEBIAN-CVE-2007-1349
PerlRun.pm in Apache modperl before 1.30, and RegistryCooker.pm in modperl 2.x, does not properly escape PATHINFO before use in a regular expression, which allows remote attackers to cause a denial of service resource consumption via a crafted URI...
CVE-2006-2677
SiteScape Forum 7.2 and possibly earlier stores the avf.rc configuraiton file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive path information...