
370 matches found

Positive Technologies
added 2006/04/10 12:0 a.m. · 5 views

PT-2006-2671 · Maxdev · Maxdev Md-Pro

Name of the Vulnerable Software and Affected Versions: MAXdev MDPro versions prior to 1.076 Description: The issue allows remote attackers to obtain the full path of the server via a direct request to "includes/legacy.php". Recommendations: For versions prior to 1.076, consider restricting access...

CVSS 6.4 · AI score 6.6 · EPSS 0.01491
Exploits: 0 · References: 8

Prion
added 2006/03/29 2:2 a.m. · 11 views

Path traversal

ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the full path of the server via invalid (1) article or (2) print parameters in a kb action to index.php, or (3) an invalid category parameter to modules/KB/pdf.php, which leaks the path in an error message...

CVSS 5 · AI score 7.1 · EPSS 0.01532
Exploits: 0 · References: 6 · Affected Software: 1

NVD
added 2006/03/29 2:2 a.m. · 19 views

CVE-2006-1488

ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the full path of the server via invalid (1) article or (2) print parameters in a kb action to index.php, or (3) an invalid category parameter to modules/KB/pdf.php, which leaks the path in an error message...

CVSS 5 · AI score 6.6 · EPSS 0.01532
Exploits: 0 · References: 6

NVD
added 2006/03/28 10:2 p.m. · 16 views

CVE-2006-1432

fusionZONE couponZONE 4.2 allows remote attackers to obtain the full path of the web server, and other sensitive information, via invalid values, as demonstrated using manipulations associated with SQL...

CVSS 5 · AI score 6.6 · EPSS 0.01184
Exploits: 0 · References: 2

Prion
added 2006/03/28 10:2 p.m. · 11 views

Design/Logic Flaw

fusionZONE couponZONE 4.2 allows remote attackers to obtain the full path of the web server, and other sensitive information, via invalid values, as demonstrated using manipulations associated with SQL...

CVSS 5 · AI score 7.2 · EPSS 0.01184
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2006/03/28 10:0 p.m. · 15 views

CVE-2006-1432

fusionZONE couponZONE 4.2 allows remote attackers to obtain the full path of the web server, and other sensitive information, via invalid values, as demonstrated using manipulations associated with SQL...

AI score 6.6 · EPSS 0.01184
Exploits: 0 · References: 2

Packet Storm
added 2006/03/03 12:0 a.m. · 24 views

joomla.txt

RST/GHC -- JOOMLA CMS -- ADVISORY 37 Product: Joomla Affected version: 1.0.7 Last version: 1.0.7 Vendor: Joomla! URL: http://www.joomla.org/ online demo: http://demo.joomla.org/ VULNERABILITY CLASS: DoS, path disclosing Product Description Joomla! is a Content Management System CMS created by the...

AI score 7.4
Exploits: 0

NVD
added 2005/12/20 2:3 a.m. · 9 views

CVE-2005-4389

search.cfm in CONTENS 3.0 and earlier allows remote attackers to obtain the full server path via invalid (1) submit.y, (2) bool, (3) itemsperpage, (4) submit, (5) submit.x, (6) criteria, (7) advanced, and (8) intern parameters...

CVSS 5 · AI score 6.6 · EPSS 0.01388
Exploits: 0 · References: 5

NVD
added 2005/12/20 2:3 a.m. · 12 views

CVE-2005-4384

CitySoft Community Enterprise 4.x allows remote attackers to obtain the full path of the server via an invalid (1) fuseaction parameter to index.cfm and (2) documentid parameter to document/docWindow.cfm...

CVSS 6.4 · AI score 6.7 · EPSS 0.01351
Exploits: 0 · References: 5

Cvelist
added 2005/12/05 11:0 a.m. · 14 views

CVE-2005-4017

property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message...

AI score 6.6 · EPSS 0.01373
Exploits: 0 · References: 3

CVE
added 2005/12/05 11:0 a.m. · 48 views

CVE-2005-4026

CVE-2005-4026 affects Geeklog: search.php in Geeklog 1.4.x before 1.4.0rc1 and 1.3.x before 1.3.11sr3. The issue is an information disclosure where invalid datestart and dateend parameters trigger error messages that leak the web server path. This is a remote-style vulnerability that can reveal s...

CVSS 5 · AI score 6.6 · EPSS 0.01371
Exploits: 0 · References: 3 · Affected Software: 1

CVE
added 2005/12/05 11:0 a.m. · 36 views

CVE-2005-4017

The CVE-2005-4017 issue concerns Widget Property 1.1.19. The vulnerability is triggered by an invalid lang value in property.php that allows remote attackers to obtain the full server path, which is exposed in the resulting error message. The affected component is property.php within Widget Prope...

CVSS 5 · AI score 7 · EPSS 0.01373
Exploits: 0 · References: 3

NVD
added 2005/12/05 12:3 a.m. · 14 views

CVE-2005-3997

Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/bannerdaily.php, (2) graphs/bannerinfobox.php, (3) graphs/banneryearly.php, (4) graphs/bannermonthly.ph...

CVSS 2.6 · AI score 6.3 · EPSS 0.01976
Exploits: 0 · References: 15

Packet Storm
added 2005/12/02 12:0 a.m. · 32 views

n13SQL.php.txt

.::KingOfSka N-13 News Remote PHP Shell Injection::. || http://contropotere.altervista.org || .::KingOfSka N-13 News PHP Shell Injection::. || Contro Potere Hacking Crew || ' ,0 ,0 ,0 ,0 INTO OUTFILE '$outfile"; $sql = urlencode$sql; $expurl= $url."?id=".$sql ; echo ' Click Here to Exploit '; ech...

AI score 7.4
Exploits: 0

exploitpack
added 2005/11/29 12:0 a.m. · 19 views

N-13 News 1.2 - SQL Injection

N-13 News 1.2 - SQL Injection source: https://www.securityfocus.com/bid/15643/info N-13 News is prone to an SQL injection vulnerability. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilitie...

AI score 0.2
Exploits: 0

UbuntuCve
added 2005/11/16 11:2 a.m. · 41 views

CVE-2005-3622

phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory...

CVSS 5 · AI score 6 · EPSS 0.01697
Exploits: 0 · References: 1

OSV
added 2005/11/16 11:2 a.m. · 7 views

CVE-2005-3622

phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory...

AI score 6.5
Exploits: 0 · References: 8

OSV
added 2005/11/16 11:2 a.m. · 4 views

DEBIAN-CVE-2005-3622

phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory...

CVSS 5 · AI score 7.4 · EPSS 0.01697
Exploits: 0 · References: 1

CVE
added 2005/11/16 11:0 a.m. · 65 views

CVE-2005-3622

Summary: CVE-2005-3622 affects phpMyAdmin 2.7.0-beta1 and earlier, where remote attackers can obtain the server’s full path by directly requesting multiple scripts in the libraries directory. Impact: information disclosure of server path; no other integrity/confidentiality/vulnerability details p...

CVSS 5 · AI score 6.6 · EPSS 0.01697
Exploits: 0 · References: 8 · Affected Software: 1

Cvelist
added 2005/11/16 7:37 a.m. · 13 views

CVE-2003-1242

Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message...

AI score 6.6 · EPSS 0.06793
Exploits: 1 · References: 3