Lucene search
K

3858 matches found

CVE
CVE
added 2011/09/23 11:0 p.m.53 views

CVE-2011-3748

CVE-2011-3748 affects Kamads Classifieds 2_B3. An information-disclosure flaw exists where remote attackers can obtain sensitive data by requesting a PHP file directly, causing an error message that reveals the installation path (illustrated by V2A_XHTML/style/view.php and related files). The con...

5CVSS6.3AI score0.01335EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2011/09/23 11:0 p.m.18 views

CVE-2011-3737

eyeOS 2.2.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by apps/rmail/webmail/program/lib/Net/SMTP.php and certain other files...

6.1AI score0.01335EPSS
Exploits1References3
Cvelist
Cvelist
added 2011/09/23 11:0 p.m.19 views

CVE-2011-3698

AdaptCMS 2.0.2 Beta allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/pollvote.php and certain other files...

6.1AI score0.01335EPSS
Exploits1References3
CVE
CVE
added 2011/09/23 11:0 p.m.36 views

CVE-2011-3750

The CVE-2011-3750 entry describes a information-disclosure vulnerability in kPlaylist 1.8.502. An unauthenticated remote attacker can trigger direct requests to certain PHP files (e.g., getid3/getid3/write.id3v1.php) and receive error messages that reveal the installation path, exposing sensitive...

5CVSS6.3AI score0.01335EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2011/09/23 11:0 p.m.21 views

CVE-2011-3710

bbPress 1.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by bb-templates/kakumei/view.php and certain other files...

6.1AI score0.01335EPSS
Exploits1References3
Cvelist
Cvelist
added 2011/09/23 11:0 p.m.19 views

CVE-2011-3697

Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraphradar.php and certain other files...

6.1AI score0.01335EPSS
Exploits1References3
Cvelist
Cvelist
added 2011/09/23 11:0 p.m.22 views

CVE-2011-3704

appRain 0.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by cron.php...

6.1AI score0.01335EPSS
Exploits1References3
CVE
CVE
added 2011/09/23 11:0 p.m.49 views

CVE-2011-3741

CVE-2011-3741 affects Ganglia 3.1.7 and allows remote attackers to disclose sensitive information by requesting certain .php files (e.g., host_view.php), causing error messages that reveal the installation path. The vulnerability is a file-path disclosure via direct access to PHP scripts. The pro...

5CVSS6.3AI score0.01373EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2011/09/23 11:0 p.m.23 views

CVE-2011-3719

CodeIgniter 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files...

6.1AI score0.01335EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2011/09/23 11:0 p.m.23 views

CVE-2011-3699

John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/test-active-record.php and certain other files...

5CVSS6.2AI score0.01373EPSS
Exploits1
Cvelist
Cvelist
added 2011/09/23 11:0 p.m.17 views

CVE-2011-3724

CubeCart 4.4.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files...

6.1AI score0.01335EPSS
Exploits1References3
CVE
CVE
added 2011/09/23 11:0 p.m.71 views

CVE-2011-3695

CVE-2011-3695 affects 111WebCalendar 1.2.3, where an attacker can disclose installation path information by directly requesting a PHP file, causing an error message (as shown by footer.php and related files). The root cause is improper disclosure through error output when accessing certain PHP fi...

5CVSS6.3AI score0.01335EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2011/09/23 11:0 p.m.24 views

CVE-2011-3741

Ganglia 3.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by hostview.php and certain other files...

6.1AI score0.01373EPSS
Exploits1References3
CVE
CVE
added 2011/09/23 11:0 p.m.37 views

CVE-2011-3704

CVE-2011-3704 affects appRain 0.1.0, where a direct request to a PHP file can disclose the installation path in an error message (demonstrated via cron.php). This is an information-disclosure flaw that enables remote attackers to learn sensitive directory structure information. The public records...

5CVSS6.3AI score0.01335EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2011/09/23 11:0 p.m.25 views

CVE-2011-3755

MantisBT 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewallinc.php and certain other files...

6AI score0.01414EPSS
Exploits1References5
Cvelist
Cvelist
added 2011/09/23 11:0 p.m.20 views

CVE-2011-3758

::mound:: 2.1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/smarty/libs/sysplugins/smartyinternaltemplate.php and certain other files...

6.1AI score0.01229EPSS
Exploits0References3
Cvelist
Cvelist
added 2011/09/23 11:0 p.m.19 views

CVE-2011-3756

MicroBlog 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by init.php and certain other files...

6.1AI score0.01335EPSS
Exploits1References3
Cvelist
Cvelist
added 2011/09/23 11:0 p.m.24 views

CVE-2011-3727

DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files...

5.8AI score0.01952EPSS
Exploits1References9
Cvelist
Cvelist
added 2011/09/23 11:0 p.m.18 views

CVE-2011-3717

ClipBucket 2.0.9 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/signupcaptcha/signupcaptcha.php and certain other files...

6.1AI score0.01335EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2011/09/21 12:0 a.m.21 views

CGI Generic XPath Injection (2nd pass)

By providing specially crafted parameters to CGIs, Nessus was able to get an error from the underlying XPath engine. This error suggests that the CGI is affected by an XPath injection vulnerability. An attacker may exploit this flaw to bypass authentication or read confidential data. %NASLMINLEVE...

5.6AI score
Exploits0
Rows per page
Query Builder