CVE-2011-3699

John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/test-active-record.php and certain other files...

CVE-2011-3718

CMS Made Simple CMSMS 1.9.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/TinyMCE/TinyMCE.module.php and certain other files. NOTE: this might overlap CVE-2007-5444...

CVE-2011-3737

eyeOS 2.2.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by apps/rmail/webmail/program/lib/Net/SMTP.php and certain other files...

CVE-2011-3698

AdaptCMS 2.0.2 Beta allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/pollvote.php and certain other files...

CVE-2011-3737

CVE-2011-3737 affects eyeOS 2.2.0.0 and enables information disclosure by remote users who can trigger a direct request to certain .php files (e.g., apps/rmail/webmail/program/lib/Net/SMTP.php), causing error messages that reveal the installation path. The vulnerability stems from exposing intern...

CVE-2011-3702

The vulnerability CVE-2011-3702 affects Ananta Gazelle 1.0. Affected software is Ananta Gazelle 1.0; exposure occurs via a direct request to a PHP file (e.g., modules/template.php) that reveals the installation path in an error message. This constitutes an information disclosure vulnerability, al...

CVE-2011-3710

bbPress 1.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by bb-templates/kakumei/view.php and certain other files...

CVE-2011-3711

BIGACE 2.7.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/libs/javascript.inc.php and certain other files...

CVE-2011-3741

Ganglia 3.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by hostview.php and certain other files...

CVE-2011-3744

HTML Purifier 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/PHPT/Reporter/SimpleTest.php and certain other files...

CVE-2011-3717

ClipBucket 2.0.9 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/signupcaptcha/signupcaptcha.php and certain other files...

CVE-2011-3720

conceptcms 5.3.1, 5.3.3, and possibly other versions allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by syslibs/umlib/umauthserver.inc.php and certain other files...

CVE-2011-3752

CVE-2011-3752 affects LimeSurvey 1.90+ build9642-20101214. The issue is an information disclosure where remote attackers can trigger a direct request to a PHP file (e.g., admin/statistics.php) that reveals the installation path in an error message. This is described across multiple documents (NVD...

CVE-2011-3700

Vulnerability: CVE-2011-3700 in Advanced Electron Forum (AEF) 1.0.8. Issue: Remote attackers can disclose sensitive information by making a direct request to a PHP file (languages/english/deletetopic_lang.php), causing an error message that reveals the installation path. Impact: Information discl...

CVE-2011-3697

Achievo 1.4.5 is affected by CVE-2011-3697. Affected component: PHP files (e.g., modules/graph/jpgraph/jpgraph_radar.php) that reveal the installation path via an error message when a direct request is made. This is an information-disclosure flaw allowing remote attackers to obtain sensitive path...

CVE-2011-3720

ConceptCMS 5.3.1 and 5.3.3 (and possibly other versions) are affected by an information-disclosure vulnerability: remote attackers can obtain sensitive info via a direct request to a .php file, with an error message revealing the installation path (e.g., sys_libs/umlib/um_authserver.inc.php). Roo...

CVE-2011-3755

MantisBT 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewallinc.php and certain other files...

CVE-2011-3706

ATutor 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by users/toolsettings.inc.php and certain other files...

CVE-2011-3714

ClanSphere 2010.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by mods/board/attachment.php...

CVE-2011-3756

MicroBlog 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by init.php and certain other files...