CVE-2004-2374

BadBlue 2.4 allows remote attackers to obtain the location of the server installation path via a request for phptest.php, which includes the pathname in the source of the resulting HTML...

CVE-2002-2045

xstatadmin.php in x-stat 2.3 and earlier allows remote attackers to 1 execute PHP commands such as phpinfo or 2 obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message...

DEBIAN-CVE-2005-2110

WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via 1 a direct request to menu-header.php or a "1" value in the feed parameter to 2 wp-atom.php, 3 wp-rss.php, or 4 wp-rss2.php, which reveal the path in an error message. NOTE: vector 1 was later reported to al...

e107 v0.617 several new and old vulnerabilities

Hello, The e107 is an open-source, PHP and SQL based portal and content management system1. I found some new vulnerabilities in the current release v0.617. Also some "older" flaws2 has been re-discovered in different ways. This email has been sent some months ago to the e107 developers. They fixe...

CVE-2005-1635

The provided Connected documents confirm that JGS-XA JGS-Portal

CVE-2005-1489

Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to obtain the full path of the server via certain requests to 1 calendaraddevent.html, 2 calendarevent.html, or 3 calendartask.html...

CVE-2004-2009

NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full path of the server via 1 a direct call to mainfunctions.php, 2 an invalid jokeid parameter in a JokeView function or 3 an invalid cat parameter in a CatView function, which reveals the path in a PHP error message...

CVE-2004-1956

PostNuke 0.7.2.6 is affected by CVE-2004-1956. The vulnerability allows remote attackers to cause information disclosure by issuing direct HTTP requests to files in the includes/blocks, pnadodb, NS-NewUser, NS-Your_Account, NS-LostPassword, and NS-User paths, which trigger PHP error messages reve...

CVE-2005-0544

phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to 1 sqlvalidator.lib.php, 2 sqlparser.lib.php, 3 selecttheme.lib.php, 4 selectlang.lib.php, 5 relationcleanup.lib.php, 6 headermetastyle.inc.php, 7 getforeign.lib.php, 8 displaytbllinks.lib.php, 9...

DEBIAN-CVE-2005-0544

phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to 1 sqlvalidator.lib.php, 2 sqlparser.lib.php, 3 selecttheme.lib.php, 4 selectlang.lib.php, 5 relationcleanup.lib.php, 6 headermetastyle.inc.php, 7 getforeign.lib.php, 8 displaytbllinks.lib.php, 9...

CVE-2005-0544

phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to 1 sqlvalidator.lib.php, 2 sqlparser.lib.php, 3 selecttheme.lib.php, 4 selectlang.lib.php, 5 relationcleanup.lib.php, 6 headermetastyle.inc.php, 7 getforeign.lib.php, 8 displaytbllinks.lib.php, 9...

CVE-2003-1101

Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to obtain the full path of the DM Web Server via invalid login credentials, which reveals the path in an error message...

CVE-2005-0607

CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to 1 information.php, 2 language.php, 3 listdocs.php, 4 popularprod.php, 5 sale.php, 6 subfooter.inc.php, 7 subheader.inc.php, 8 catnavi.php, or 9 checksum.php, which...

CVE-2005-0544

phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to 1 sqlvalidator.lib.php, 2 sqlparser.lib.php, 3 selecttheme.lib.php, 4 selectlang.lib.php, 5 relationcleanup.lib.php, 6 headermetastyle.inc.php, 7 getforeign.lib.php, 8 displaytbllinks.lib.php, 9...

CVE-2005-0433

Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to 1 db.php, 2 mainfile.php, 3 Downloads/index.php, or 4 WebLinks/index.php, which lists the path in a PHP error message...

CVE-2004-1385

phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via 1 unexpected characters in the session ID such as shell metacharacters, 2 an invalid appname parameter to preferences.php or 3 an invalid menuaction parameter to index.php, which reveals the web server...

CVE-2004-1385

CVE-2004-1385 affects phpGroupWare up to version 0.9.16.003. The vulnerability is an information-disclosure issue where an error message reveals the web server path due to (1) unexpected characters in the session ID (shell metacharacters), (2) an invalid appname parameter to preferences.php, or (...

CVE-2004-1203

parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to gain sensitive information via an invalid file parameter, which reveals the web server's installation path...

CVE-2004-1385

phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via 1 unexpected characters in the session ID such as shell metacharacters, 2 an invalid appname parameter to preferences.php or 3 an invalid menuaction parameter to index.php, which reveals the web server...

CVE-2004-1385

phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via 1 unexpected characters in the session ID such as shell metacharacters, 2 an invalid appname parameter to preferences.php or 3 an invalid menuaction parameter to index.php, which reveals the web server...