3858 matches found
CVE-2011-3748
CVE-2011-3748 affects Kamads Classifieds 2_B3. An information-disclosure flaw exists where remote attackers can obtain sensitive data by requesting a PHP file directly, causing an error message that reveals the installation path (illustrated by V2A_XHTML/style/view.php and related files). The con...
CVE-2011-3737
eyeOS 2.2.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by apps/rmail/webmail/program/lib/Net/SMTP.php and certain other files...
CVE-2011-3698
AdaptCMS 2.0.2 Beta allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/pollvote.php and certain other files...
CVE-2011-3750
The CVE-2011-3750 entry describes a information-disclosure vulnerability in kPlaylist 1.8.502. An unauthenticated remote attacker can trigger direct requests to certain PHP files (e.g., getid3/getid3/write.id3v1.php) and receive error messages that reveal the installation path, exposing sensitive...
CVE-2011-3710
bbPress 1.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by bb-templates/kakumei/view.php and certain other files...
CVE-2011-3697
Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraphradar.php and certain other files...
CVE-2011-3704
appRain 0.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by cron.php...
CVE-2011-3741
CVE-2011-3741 affects Ganglia 3.1.7 and allows remote attackers to disclose sensitive information by requesting certain .php files (e.g., host_view.php), causing error messages that reveal the installation path. The vulnerability is a file-path disclosure via direct access to PHP scripts. The pro...
CVE-2011-3719
CodeIgniter 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files...
CVE-2011-3699
John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/test-active-record.php and certain other files...
CVE-2011-3724
CubeCart 4.4.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files...
CVE-2011-3695
CVE-2011-3695 affects 111WebCalendar 1.2.3, where an attacker can disclose installation path information by directly requesting a PHP file, causing an error message (as shown by footer.php and related files). The root cause is improper disclosure through error output when accessing certain PHP fi...
CVE-2011-3741
Ganglia 3.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by hostview.php and certain other files...
CVE-2011-3704
CVE-2011-3704 affects appRain 0.1.0, where a direct request to a PHP file can disclose the installation path in an error message (demonstrated via cron.php). This is an information-disclosure flaw that enables remote attackers to learn sensitive directory structure information. The public records...
CVE-2011-3755
MantisBT 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewallinc.php and certain other files...
CVE-2011-3758
::mound:: 2.1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/smarty/libs/sysplugins/smartyinternaltemplate.php and certain other files...
CVE-2011-3756
MicroBlog 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by init.php and certain other files...
CVE-2011-3727
DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files...
CVE-2011-3717
ClipBucket 2.0.9 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/signupcaptcha/signupcaptcha.php and certain other files...
CGI Generic XPath Injection (2nd pass)
By providing specially crafted parameters to CGIs, Nessus was able to get an error from the underlying XPath engine. This error suggests that the CGI is affected by an XPath injection vulnerability. An attacker may exploit this flaw to bypass authentication or read confidential data. %NASLMINLEVE...