3856 matches found
UBUNTU-CVE-2011-3740
FrontAccounting 2.3.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by reporting/includes/fpdi/fpdi2tcpdfbridge.php and certain other files...
CVE-2011-3730
Drupal 7.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/simpletest/tests/upgrade/drupal-6.upload.database.php and certain other files...
Information disclosure
CMS Made Simple CMSMS 1.9.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/TinyMCE/TinyMCE.module.php and certain other files. NOTE: this might overlap CVE-2007-5444...
Information disclosure
Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files...
Information disclosure
appRain 0.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by cron.php...
Information disclosure
ClipBucket 2.0.9 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/signupcaptcha/signupcaptcha.php and certain other files...
CVE-2011-3707
JanRain PHP OpenID library aka php-openid 2.2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Auth/Yadis/Yadis.php and certain other files...
Information disclosure
John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/test-active-record.php and certain other files...
Design/Logic Flaw
HTML Purifier 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/PHPT/Reporter/SimpleTest.php and certain other files...
CVE-2011-3701
AlegroCart 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by common.php and certain other files...
CVE-2011-3753
LinPHA 1.3.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewer.php and certain other files...
CVE-2011-3704
CVE-2011-3704 affects appRain 0.1.0, where a direct request to a PHP file can disclose the installation path in an error message (demonstrated via cron.php). This is an information-disclosure flaw that enables remote attackers to learn sensitive directory structure information. The public records...
CVE-2011-3758
::mound:: 2.1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/smarty/libs/sysplugins/smartyinternaltemplate.php and certain other files...
CVE-2011-3724
CubeCart 4.4.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files...
CVE-2011-3722
Coppermine Photo Gallery CPG 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files...
CVE-2011-3751
LifeType 1.2.10 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/badbehavior/pluginbadbehavior.class.php...
CVE-2011-3727
DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files...
CVE-2011-3733
Elgg 1.7.6 is affected by CVE-2011-3733. An information-disclosure flaw allows remote attackers to obtain sensitive data by making a direct request to certain PHP files, which reveals the installation path in an error message (as demonstrated by vendors/simpletest/test/visual_test.php and related...
CVE-2011-3750
The CVE-2011-3750 entry describes a information-disclosure vulnerability in kPlaylist 1.8.502. An unauthenticated remote attacker can trigger direct requests to certain PHP files (e.g., getid3/getid3/write.id3v1.php) and receive error messages that reveal the installation path, exposing sensitive...
CVE-2011-3745
CVE-2011-3745 affects HycusCMS 1.0.3. Affected component/file: templates/hycus_template/template.php. The issue is an information disclosure where a direct request to a PHP file reveals the installation path in an error message. No exploitation details are provided in the connected documents. No ...