Lucene search
K

309 matches found

exploitpack
exploitpack
added 2003/04/11 12:0 a.m.11 views

12Planet Chat Server 2.5 - Error Message Installation Full Path Disclosure

12Planet Chat Server 2.5 - Error Message Installation Full Path Disclosure source: https://www.securityfocus.com/bid/7355/info When certain malformed URL requests are sent to a 12Planet Chat Server, the server's installation path may be revealed in the returned error message. This information cou...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2003/02/01 12:0 a.m.39 views

Multiple bugs in Apache Tomcat

It's possible to obtain physical path and directory listing...

1.2AI score
Exploits0References3Affected Software1
NVD
NVD
added 2002/12/31 5:0 a.m.13 views

CVE-2002-1723

Powerboards 2.2b allows remote attackers to view the full path to the backend database by sending a cookie containing a non-existent username to profiles.php, which displays the full path in the error message...

5CVSS6.6AI score0.01373EPSS
Exploits0References3
NVD
NVD
added 2002/08/12 4:0 a.m.13 views

CVE-2002-0524

ASP-Nuke RC2 and earlier allows remote attackers to determine the absolute path of the server by 1 calling database-inc.asp with incorrect cookies, or 2 calling Post.asp with certain arguments, which leak the pathname in an error message...

5CVSS6.7AI score0.01884EPSS
Exploits0References5
Exploit DB
Exploit DB
added 2002/07/18 12:0 a.m.26 views

Oracle Reports Server 6.0.8/9.0.2 - Information Disclosure

source: https://www.securityfocus.com/bid/5262/info A problem with Reports Server could make it possible to gain sensitive information from the server. Under some circumstances, Reports Server may yield sensitive information to unauthenticated remote users. This information may include the system...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2002/06/25 4:0 a.m.30 views

CVE-2001-0917

Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension...

6.2AI score0.08176EPSS
Exploits0References6
CVE
CVE
added 2002/06/11 4:0 a.m.38 views

CVE-2002-0446

The CVE-2002-0446 entry describes a path disclosure vulnerability in Black Tie Project (BTP) versions 0.4b through 0.5b. Specifically, categorie.php3 exposes the server’s absolute path to remote attackers via an invalid category ID (cid) parameter, leaking the pathname in an error message. Affect...

5CVSS7.1AI score0.02596EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2002/06/08 12:0 a.m.85 views

IBM Lotus Domino Banner Nonexistent .pl File Request Path Disclosure

The remote web server appears to be a version of Lotus Domino that allows an attacker to determine the physical path to the web root by requesting a non-existent '.pl' file. C Tenable Network Security, Inc. based on php3pathdisclosure by Matt Moore References From: "PeterGrundl" To: "bugtraq"...

7.5CVSS5.4AI score0.02515EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2002/05/22 12:0 a.m.55 views

ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Path Disclosure

By requesting a nonexistent .JSP file, or by invoking the JSPServlet directly and supplying no filename, it is possible to make the ServletExec ISAPI filter disclose the physical path of the webroot. %NASLMINLEVEL 70300 This script was written by Matt Moore Script audit and contributions from...

5CVSS5.3AI score0.07556EPSS
Exploits0References2
Cvelist
Cvelist
added 2002/03/09 5:0 a.m.24 views

CVE-2001-0276

ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path...

6.4AI score0.03468EPSS
Exploits1References4
NVD
NVD
added 2001/10/12 4:0 a.m.15 views

CVE-2001-1282

Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information...

5CVSS6.3AI score0.02188EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2001/09/19 12:0 a.m.37 views

oracle.9i.path.txt

Product: Oracle 9i Application Server. Description: The Oracle 9i Application Server uses the Apache web server for HTTP service. However, if a request is made for a non-existent .jsp file, the complete path is shown. For instance, if you were to make the following request at a server running...

7.4AI score
Exploits0
NVD
NVD
added 2001/09/07 4:0 a.m.16 views

CVE-2001-1099

The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice...

5CVSS6.6AI score0.03176EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2001/04/25 12:0 a.m.21 views

Hexyn-sa-15.txt

Hexyn / Securax Advisory 15 - G6 FTP Full Installation Path Topic: G6 FTP Full Installation Path Announced: 2001-02-17 Affects: G6 FTP Server up to version 2.0 DISCLAIMER: THE ENTIRE ADVISORY HAS BEEN BASED UPON TRIAL AND ERROR RESULTS. THEREFORE WE CANNOT ENSURE YOU THE INFORMATION BELOW IS 100%...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2001/03/09 5:0 a.m.16 views

CVE-2001-0200

HSWeb 2.0 HTTP server allows remote attackers to obtain the physical path of the server via a request to the /cgi/ directory, which will list the path if directory browsing is enabled...

6.3AI score0.0602EPSS
Exploits1References2
Exploit DB
Exploit DB
added 2001/02/20 12:0 a.m.30 views

Working Resources BadBlue 1.2.7 - Full Path Disclosure

source: https://www.securityfocus.com/bid/2390/info Requesting a specially crafted URL to a machine running Working Resources BadBlue, will disclose the physical path to the root directory. http://target/ext.dll will result in: Error: opening c:\program files\badblue\pe\default.htx 2...

7.4AI score
Exploits0
NVD
NVD
added 2001/02/16 5:0 a.m.22 views

CVE-2001-0031

BroadVision One-To-One Enterprise allows remote attackers to determine the physical path of server files by requesting a .JSP file name that does not exist...

5CVSS6.4AI score0.01448EPSS
Exploits1References2
securityvulns
securityvulns
added 2000/12/07 12:0 a.m.28 views

Security Advisory(CSA-200012)

CHINANSL Security AdvisoryCSA-200012 Topic: Ultraseek Server 3.0 Vulnerability Release Dateёє Dec 6, 2000 Affected system: ============ Ultraseek Server 3.0 ЎЎЎЎ- SunOS Impact: ====== CHINANLS security team has found a security problem in Ultraseek Server 3.0 . Exploitation of this vulnerability,...

0.3AI score
Exploits0
Cvelist
Cvelist
added 2000/09/21 4:0 a.m.24 views

CVE-2000-0759

Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path...

6AI score0.2566EPSS
Exploits1References3
Cvelist
Cvelist
added 2000/09/21 4:0 a.m.26 views

CVE-2000-0710

The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name...

6.3AI score0.26383EPSS
Exploits0References3
Rows per page
Query Builder