309 matches found
12Planet Chat Server 2.5 - Error Message Installation Full Path Disclosure
12Planet Chat Server 2.5 - Error Message Installation Full Path Disclosure source: https://www.securityfocus.com/bid/7355/info When certain malformed URL requests are sent to a 12Planet Chat Server, the server's installation path may be revealed in the returned error message. This information cou...
Multiple bugs in Apache Tomcat
It's possible to obtain physical path and directory listing...
CVE-2002-1723
Powerboards 2.2b allows remote attackers to view the full path to the backend database by sending a cookie containing a non-existent username to profiles.php, which displays the full path in the error message...
CVE-2002-0524
ASP-Nuke RC2 and earlier allows remote attackers to determine the absolute path of the server by 1 calling database-inc.asp with incorrect cookies, or 2 calling Post.asp with certain arguments, which leak the pathname in an error message...
Oracle Reports Server 6.0.8/9.0.2 - Information Disclosure
source: https://www.securityfocus.com/bid/5262/info A problem with Reports Server could make it possible to gain sensitive information from the server. Under some circumstances, Reports Server may yield sensitive information to unauthenticated remote users. This information may include the system...
CVE-2001-0917
Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension...
CVE-2002-0446
The CVE-2002-0446 entry describes a path disclosure vulnerability in Black Tie Project (BTP) versions 0.4b through 0.5b. Specifically, categorie.php3 exposes the server’s absolute path to remote attackers via an invalid category ID (cid) parameter, leaking the pathname in an error message. Affect...
IBM Lotus Domino Banner Nonexistent .pl File Request Path Disclosure
The remote web server appears to be a version of Lotus Domino that allows an attacker to determine the physical path to the web root by requesting a non-existent '.pl' file. C Tenable Network Security, Inc. based on php3pathdisclosure by Matt Moore References From: "PeterGrundl" To: "bugtraq"...
ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Path Disclosure
By requesting a nonexistent .JSP file, or by invoking the JSPServlet directly and supplying no filename, it is possible to make the ServletExec ISAPI filter disclose the physical path of the webroot. %NASLMINLEVEL 70300 This script was written by Matt Moore Script audit and contributions from...
CVE-2001-0276
ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path...
CVE-2001-1282
Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information...
oracle.9i.path.txt
Product: Oracle 9i Application Server. Description: The Oracle 9i Application Server uses the Apache web server for HTTP service. However, if a request is made for a non-existent .jsp file, the complete path is shown. For instance, if you were to make the following request at a server running...
CVE-2001-1099
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice...
Hexyn-sa-15.txt
Hexyn / Securax Advisory 15 - G6 FTP Full Installation Path Topic: G6 FTP Full Installation Path Announced: 2001-02-17 Affects: G6 FTP Server up to version 2.0 DISCLAIMER: THE ENTIRE ADVISORY HAS BEEN BASED UPON TRIAL AND ERROR RESULTS. THEREFORE WE CANNOT ENSURE YOU THE INFORMATION BELOW IS 100%...
CVE-2001-0200
HSWeb 2.0 HTTP server allows remote attackers to obtain the physical path of the server via a request to the /cgi/ directory, which will list the path if directory browsing is enabled...
Working Resources BadBlue 1.2.7 - Full Path Disclosure
source: https://www.securityfocus.com/bid/2390/info Requesting a specially crafted URL to a machine running Working Resources BadBlue, will disclose the physical path to the root directory. http://target/ext.dll will result in: Error: opening c:\program files\badblue\pe\default.htx 2...
CVE-2001-0031
BroadVision One-To-One Enterprise allows remote attackers to determine the physical path of server files by requesting a .JSP file name that does not exist...
Security Advisory(CSA-200012)
CHINANSL Security AdvisoryCSA-200012 Topic: Ultraseek Server 3.0 Vulnerability Release Dateёє Dec 6, 2000 Affected system: ============ Ultraseek Server 3.0 ЎЎЎЎ- SunOS Impact: ====== CHINANLS security team has found a security problem in Ultraseek Server 3.0 . Exploitation of this vulnerability,...
CVE-2000-0759
Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path...
CVE-2000-0710
The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name...