369 matches found
CVE-2003-0268
CVE-2003-0268 concerns SLWebMail 3 on Windows. The vulnerability arises when remote attackers cause invalid requests to DLLs (e.g., WebMailReq.dll), causing the server to disclose its full path in an error message. This is an information disclosure vulnerability with potential reconnaissance risk...
CVE-2002-0462
CVE-2002-0462 affects bigsam_guestbook.php (Big Sam Built-In Guestbook Stand-Alone Module) version 1.1.08 and earlier. The vulnerability arises from a displayBegin parameter containing a very large number, which can cause denial of service via CPU consumption or leak the web server’s absolute pat...
CVE-2003-0051
parsexml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter...
Path Parsing Errata in Apache HTTP Server
Original Message: ----------------- From: [email protected] [email protected] Date: Wed, 22 Jan 2003 09:00:58 -0500 To: [email protected] Subject: Path Parsing Errata in Apache HTTP Server Path Parsing Errata in Apache HTTP Server ABSTRACT The Apache HTTP Server...
CVE-2002-2045
xstatadmin.php in x-stat 2.3 and earlier allows remote attackers to (1) execute PHP commands such as phpinfo or (2) obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message...
Easynews does not adequately validate user input thereby disclosing server installation path via crafted URL request
Overview: Easynews does not adequately validate user input. Attackers may exploit this vulnerability to learn the filesystem path where the script is installed. Description: Easynews is an open-source CGI script designed to create dynamic news story web pages and listings. Easynews does not properl...
CVE-2002-0524
ASP-Nuke RC2 and earlier allows remote attackers to determine the absolute path of the server by (1) calling database-inc.asp with incorrect cookies, or (2) calling Post.asp with certain arguments, which leak the pathname in an error message...
CVE-2002-0446
The CVE-2002-0446 entry describes a path disclosure vulnerability in Black Tie Project (BTP) versions 0.4b through 0.5b. Specifically, categorie.php3 exposes the server’s absolute path to remote attackers via an invalid category ID (cid) parameter, leaking the pathname in an error message. Affect...
CVE-2002-0446
categorie.php3 in Black Tie Project BTP 0.4b through 0.5b allows remote attackers to determine the absolute path of the web server via an invalid category ID (cid) parameter, which leaks the pathname in an error message...
CVE-2002-0282
DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to add_user.php, or via an invalid new_language parameter in (2) contents.php, (3) categories.php, or (4) files.php, which leaks the path in an error message...
DEBIAN-CVE-2002-1592
The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information...
askSam 4.0 Web Publisher - Cross-Site Scripting
source: https://www.securityfocus.com/bid/4670/info askSam is a database system. An optional component, askSam Web Publisher versions 1 and 4, is reportedly vulnerable to a cross-site scripting vulnerability in the asweb.exe or asweb4.exe component. This is due to a failure to strip script and HTML...
CVE-2002-0245
Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks th...
CVE-2002-0341
CVE-2002-0341 affects GroupWise Web Access 5.5 (GWWEB.EXE) where an HTTP request with an invalid HTMLVER parameter can disclose information about the remote host. OpenVAS details extend this to potential local-file read access via the GroupWise Web Interface, indicating information disclosure on ...
CVE-2002-0282
DCP-Portal versions 3.7–4.5 contain an information disclosure vulnerability that allows remote attackers to obtain the server’s physical path. The issue occurs when an empty request to add_user.php is made, or via an invalid new_language parameter in contents.php, categories.php, or files.php, ca...
Oracle 9i Application Server does not adequately handle requests for nonexistent JSP files thereby disclosing web folder path information
Overview: Oracle 9i Application Servers (Oracle 9iAS) contain a default error page that can be used to find the physical path of files on the system. Description: Oracle 9iAS will display a default error page when a nonexistent ".jsp" file is specified. In the body of this page is the entire local pa...
CVE-2000-1191
CVE-2000-1191 affects htsearch in htDig up to 3.2 beta, 3.1.6, 3.1.5 and earlier. The vulnerability arises when a non-existent configuration file is requested via the config parameter, causing an error message that reveals the server’s full path. This exposes potential information about the serve...
CVE-2001-0389
IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument...
CVE-2001-0492
Netcruiser Web server (versions