73 matches found
CVE-2004-0066
phpGedView before 2.65 allows remote attackers to obtain the absolute path of the web server via malformed parameters to 1 indilist.php, 2 famlist.php, 3 placelist.php, 4 imageview.php, 5 timeline.php, 6 clippings.php, 7 login.php, and 8 gdbi.php...
CVE-2004-0066
phpGedView is affected by CVE-2004-0066 up to version 2.64. The vulnerability allows remote attackers to disclose the web server’s absolute path via malformed parameters to multiple PHP pages (indilist.php, famlist.php, placelist.php, imageview.php, timeline.php, clippings.php, login.php, gdbi.ph...
CVE-2003-1269
AN HTTP 1.41e allows remote attackers to obtain the root web server path via an HTTP request with a long argument to a script, which leaks the path in an error message...
CVE-2003-1242
Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message...
CVE-2003-1486
Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to 1 smileys.php, 2 quicklistrss.php, 3 purge.php, 4 news.php, 5 memberlist.php, 6 forumlistrss.php, 7 forumlistrdf.php, 8 forumlist.php, or 9 move.php, which leaks the...
CVE-2003-1469
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message...
CVE-2003-1468
The WebLinks module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message...
CVE-2002-2045
xstatadmin.php in x-stat 2.3 and earlier allows remote attackers to 1 execute PHP commands such as phpinfo or 2 obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message...
CVE-2002-0446
The CVE-2002-0446 entry describes a path disclosure vulnerability in Black Tie Project (BTP) versions 0.4b through 0.5b. Specifically, categorie.php3 exposes the server’s absolute path to remote attackers via an invalid category ID (cid) parameter, leaking the pathname in an error message. Affect...
CVE-2002-0446
categorie.php3 in Black Tie Project BTP 0.4b through 0.5b allows remote attackers to determine the absolute path of the web server via an invalid category ID cid parameter, which leaks the pathname in an error message...
CVE-2000-1110
document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program...
CVE-1999-1006
The OpenVAS entry for CVE-1999-1006 documents a GroupWise Web Interface vulnerability in GWWEB.EXE where manipulating the HELP URL request yields information disclosure, including reading local files on the remote host. This confirms the vulnerability class as an information disclosure via a web ...
groupwise.web.txt
Problems found with GroupeWise web server Novell was contacted 3 weeks ago and no reply ----------------------------------------------------------------- 1. The help argument in GWWEB.EXE reveal full web path on the server 2. anyone can read a .htm file on the system with the GWWEB.EXE and the HE...