CVE-2004-1385

phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via 1 unexpected characters in the session ID such as shell metacharacters, 2 an invalid appname parameter to preferences.php or 3 an invalid menuaction parameter to index.php, which reveals the web server...

CVE-2004-2196

Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to 1 admpages.php, 2 corrpages.php, 3 delblock.php, 4 delpage.php, 5 footer.php, 6 home.php, and others...

CVE-2004-0665

csFAQ.cgi in csFAQ allows remote attackers to gain sensitive information via an invalid database parameter, which reveals the path to the web server in an error message...

CVE-2004-2009

NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full path of the server via 1 a direct call to mainfunctions.php, 2 an invalid jokeid parameter in a JokeView function or 3 an invalid cat parameter in a CatView function, which reveals the path in a PHP error message...

Corsaire Security Advisory - Verity Ultraseek path disclosure issue

-- Corsaire Security Advisory -- Title: Verity Ultraseek path disclosure issue Date: 04.01.13 Application: Verity Ultraseek 5.2.1 and prior Environment: Solaris 7, Windows NT, Windows 2000, Redhat Linux Author: Martin O'Neal [email protected] Audience: Vendor notification Reference:...

CVE-2004-1956

PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the 1 includes/blocks directory, 2 pnadodb directory, 3 NS-NewUser module, 4 NS-YourAccount, 5 NS-LostPassword module, or 6 NS-User module which reveals the path to the web server in a PHP error...

CVE-2004-1923

Tiki CMS/Groupware TikiWiki 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to 1 bannerclick.php, 2 categorize.php, 3 tiki-adminincludedirectory.php, 4 tiki-directorysearch.php, which reveal the web server path in an error message...

FloosieTek FTGate Mail Server 1.2 - Full Path Disclosure

FloosieTek FTGate Mail Server 1.2 - Full Path Disclosure source: https://www.securityfocus.com/bid/10059/info It has been reported that FTGate it prone to a server path disclosure vulnerability. This issue is due to an ill conceived error message that includes the server path. These issues may be...

FloosieTek FTGate Mail Server 1.2 - Full Path Disclosure

source: https://www.securityfocus.com/bid/10059/info It has been reported that FTGate it prone to a server path disclosure vulnerability. This issue is due to an ill conceived error message that includes the server path. These issues may be leveraged to gain sensitive information about the affect...

PT-2004-1439 · Allmyvisitors +3 · Allmyvisitors +3

Name of the Vulnerable Software and Affected Versions: AllMyVisitors affected versions not specified AllMyLinks affected versions not specified AllMyGuests affected versions not specified Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the AMVconfigcfg...

TalentSoft Web+ webplus.exe Path Disclosure

The remote host appears to be running Web+ Application Server. The version of Web+ installed on the remote host reveals the physical path of the application when it receives a script file error. %NASLMINLEVEL 70300 This script was written by David Kyger See the Nessus Scripts License for details...

CVE-2004-0066

phpGedView before 2.65 allows remote attackers to obtain the absolute path of the web server via malformed parameters to 1 indilist.php, 2 famlist.php, 3 placelist.php, 4 imageview.php, 5 timeline.php, 6 clippings.php, 7 login.php, and 8 gdbi.php...

CVE-2004-0066

phpGedView is affected by CVE-2004-0066 up to version 2.64. The vulnerability allows remote attackers to disclose the web server’s absolute path via malformed parameters to multiple PHP pages (indilist.php, famlist.php, placelist.php, imageview.php, timeline.php, clippings.php, login.php, gdbi.ph...

CVE-2003-1269

AN HTTP 1.41e allows remote attackers to obtain the root web server path via an HTTP request with a long argument to a script, which leaks the path in an error message...

CVE-2003-1242

Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message...

CVE-2003-1469

The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message...

CVE-2003-1486

Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to 1 smileys.php, 2 quicklistrss.php, 3 purge.php, 4 news.php, 5 memberlist.php, 6 forumlistrss.php, 7 forumlistrdf.php, 8 forumlist.php, or 9 move.php, which leaks the...

CVE-2003-1468

The WebLinks module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message...

CVE-2003-0268

SLWebMail 3 on Windows systems allows remote attackers to identify the full path of the server via invalid requests to DLLs such as WebMailReq.dll, which reveals the path in an error message...

CVE-2003-0268

SLWebMail 3 on Windows systems allows remote attackers to identify the full path of the server via invalid requests to DLLs such as WebMailReq.dll, which reveals the path in an error message...