369 matches found
CVE-2006-6231
vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive information via a direct request to includes/vubb.php, which leaks the path in an error message...
CVE-2006-5844
Speedywiki 2.0 is affected. The vulnerability allows remote attackers to disclose the web server’s full path by abusing the showRevisions[] and searchText[] parameters in index.php, and also via a direct request to upload.php with no parameters. This aligns with NVD data and PT Security’s advisor...
PT-2006-6518 · Speedywiki · Speedywiki
Name of the Vulnerable Software and Affected Versions: Speedywiki version 2.0 Description: The issue allows remote attackers to obtain the full path of the web server. This can be achieved via the showRevisions and searchText parameters in "index.php", and also through a direct request to...
CVE-2006-5759
index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote attackers to obtain the full path of the web server via empty (1) rns or (2) pag arguments, which reveals the path in an error message...
CVE-2006-5759
The connected PT-2006-6440 entry confirms a path-disclosure vulnerability in Rhadrix If-CMS, affecting versions 1.01–2.07. The issue arises when empty arguments rns[] or pag[] are provided, causing an error message that reveals the web server’s full filesystem path. This can aid an attacker in lo...
PT-2006-6440 · Rhadrix · Rhadrix If-Cms
Name of the Vulnerable Software and Affected Versions: Rhadrix If-CMS versions 1.01 through 2.07 Description: The issue allows remote attackers to obtain the full path of the web server. This is achieved by providing empty arguments, specifically rns or pag, which results in an error message that...
CVE-2006-4899
The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message...
Deserialization of untrusted data
index.php in GANTTy 1.0.3 allows remote attackers to obtain the full path of the web server via an invalid lang parameter in an authenticate action...
CVE-2006-2690
An unspecified script in EVA-Web 2.1.2 and earlier, probably index.php, allows remote attackers to obtain the full path of the web server via invalid (1) perso or (2) aide parameters...
CVE-2006-1445
Buffer overflow in the FTP server (FTPServer) in Apple Mac OS X 10.3.9 and 10.4.6 allows remote authenticated users to execute arbitrary code via vectors related to "FTP server path name handling."...
CVE-2006-2347
E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant...
CVE-2006-2347
The CVE-2006-2347 entry concerns E-Business Designer (eBD) 3.1.4 and earlier. The vulnerability allows remote attackers to reveal the web server’s full path by supplying special values (e.g., a single quote) to the id parameter in form_grupo.html or by requesting the archivos/ and files/ director...
[Full-disclosure] phpBB 2.0.20 Full Path Disclosure and SQL Errors
Source: http://securityreason.com/achievementsecurityalert/38 phpBB 2.0.20 Full Path Disclosure and SQL Errors Author: Maksymilian Arciemowicz (cXIb8O3) Date: Written: 1.5.2006, Public: 5.5.2006 from SecurityReason.Com CVE: CVE-2006-2219 Full...
Open redirect
Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain the full path of the web server via an invalid pforums parameter to (1) misc.php and (2) member.php...
Design/Logic Flaw
MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to obtain the full path of the server via a direct request to includes/legacy.php...
Path traversal
Jupiter CMS 1.1.5, when display_errors is enabled, allows remote attackers to obtain the full server path via a direct request to modules/online.php...
CVE-2006-1677
MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to obtain the full path of the server via a direct request to includes/legacy.php...
PT-2006-2671 · Maxdev · Maxdev Md-Pro
Name of the Vulnerable Software and Affected Versions: MAXdev MDPro versions prior to 1.076 Description: The issue allows remote attackers to obtain the full path of the server via a direct request to "includes/legacy.php". Recommendations: For versions prior to 1.076, consider restricting access...