
3856 matches found

UbuntuCve
added 2011/03/10 12:0 a.m. | 24 views

CVE-2011-1187

Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."...

CVSS 5 | AI score 7.2 | EPSS 0.00891
Exploits 1 | References 3

Tenable Nessus
added 2011/03/09 12:0 a.m. | 271 views

Google Chrome < 10.0.648.127 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 10.0.648.127. Such versions are reportedly affected by multiple vulnerabilities:
- It may be possible to navigate or close the top location in a sandboxed frame. Issue 42574, 42765
- A cross-origin error message leak exist...

CVSS 7.5 | AI score 7.3 | EPSS 0.0323
Exploits 14 | References 21

securityvulns
added 2011/03/03 12:0 a.m. | 69 views

ZDI-11-095: Apple Webkit Error Message Mutation Remote Code Execution Vulnerability

ZDI-11-095: Apple Webkit Error Message Mutation Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-095 March 2, 2011 -- CVE ID: CVE-2010-1824 -- CVSS: 9.7, AV:N/AC:L/Au:N/C:C/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- TippingPointT...

CVSS 9.3 | AI score 0.5 | EPSS 0.14663
Exploits 1

Prion
added 2011/03/01 10:0 p.m. | 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in LightNEasy.php in LightNEasy 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, which is not properly handled in a forced SQL error message...

CVSS 4.3 | AI score 6.8 | EPSS 0.00296
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2011/03/01 9:0 p.m. | 16 views

CVE-2010-4753

Cross-site scripting (XSS) vulnerability in LightNEasy.php in LightNEasy 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, which is not properly handled in a forced SQL error message...

AI score 6.2 | EPSS 0.00296
Exploits 0 | References 3

htbridge
added 2011/03/01 12:0 a.m. | 62 views

Installation Path Disclosure Weakness in xt:Commerce

High-Tech Bridge SA Security Research Lab has discovered a weakness in xt:Commerce which could be exploited to gain access to potentially sensitive information. 1 Installation path disclosure weakness in xt:Commerce The weakness exists due to application reveals the full path to installation...

CVSS 5 | AI score 6.9
Exploits 0 | Affected Software 1

NVD
added 2011/02/25 7:0 p.m. | 32 views

CVE-2011-1103

The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information via a request to an invalid report, which reveals...

CVSS 5 | AI score 6 | EPSS 0.00384
Exploits 0 | References 5

Prion
added 2011/02/25 7:0 p.m. | 16 views

Design/Logic Flaw

The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information via a request to an invalid report, which reveals...

CVSS 5 | AI score 6.5 | EPSS 0.00384
Exploits 0 | References 5 | Affected Software 1

htbridge
added 2011/02/17 12:0 a.m. | 27 views

Installation Path Disclosure Weakness in Tribiq CMS | HTB22857

High-Tech Bridge SA Security Research Lab has discovered a weakness in Tribiq CMS which could be exploited to gain access to potentially sensitive information. 1 Installation path disclosure weakness in Tribiq CMS: CVE-2011-2727 The weakness exists due to application reveals the full path to...

CVSS 4.3 | AI score 6.4 | EPSS 0.0025
Exploits 0 | Affected Software 1

Cvelist
added 2011/02/04 12:0 a.m. | 19 views

CVE-2011-0774

PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message...

AI score 6.1 | EPSS 0.00283
Exploits 1 | References 3

Prion
added 2011/02/01 6:0 p.m. | 18 views

Information disclosure

** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debu...

CVSS 5 | AI score 6.6 | EPSS 0.00886
Exploits 1 | References 3 | Affected Software 1

Zero Day Initiative
added 2011/01/10 12:0 a.m. | 27 views

Hewlett-Packard OpenView Network Node Manager nnmRptConfig.exe Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within nnmRptConfig.exe CGI which is exposed by the webserver which listens by defaul...

CVSS 10 | AI score 4.4 | EPSS 0.27085
Exploits 0 | References 1

Prion
added 2011/01/03 8:0 p.m. | 15 views

Design/Logic Flaw

admin/upgradeunattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid dbtype parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP...

CVSS 5 | AI score 6.5 | EPSS 0.1183
Exploits 1 | References 14 | Affected Software 1

NVD
added 2010/12/29 10:33 p.m. | 22 views

CVE-2010-4608

Habari 0.6.5 allows remote attackers to obtain sensitive information via a direct request to (1) header.php and (2) commentsitems.php in system/admin/, which reveals the installation path in an error message...

CVSS 5 | AI score 6.1 | EPSS 0.01984
Exploits 1 | References 3

NVD
added 2010/12/29 10:33 p.m. | 15 views

CVE-2010-4611

Html-edit CMS 3.1.8 allows remote attackers to obtain sensitive information via a direct request to (1) pages.php and (2) menu.php in includes/corefiles and (3) extensions/login/frontend/pages/antihacker.php, which reveals the installation path in an error message...

CVSS 5 | AI score 6.1 | EPSS 0.01984
Exploits 1 | References 3

NVD
added 2010/12/06 1:37 p.m. | 20 views

CVE-2010-4401

languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message...

CVSS 5 | AI score 6.1 | EPSS 0.04377
Exploits 1 | References 5

UbuntuCve
added 2010/12/06 1:37 p.m. | 21 views

CVE-2010-4403

The Register Plus plugin 3.5.1 and earlier for WordPress allows remote attackers to obtain sensitive information via a direct request to (1) dashwidget.php and (2) register-plus.php, which reveals the installation path in an error message...

CVSS 5 | AI score 5.9 | EPSS 0.00285
Exploits 1 | References 1

Prion
added 2010/12/06 1:37 p.m. | 15 views

Information disclosure

languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message...

CVSS 5 | AI score 6.6 | EPSS 0.04377
Exploits 1 | References 5 | Affected Software 1

htbridge
added 2010/11/02 12:0 a.m. | 33 views

Installation Path Disclosure Weakness in CLANSPHERE

High-Tech Bridge SA Security Research Lab has discovered a weakness in CLANSPHERE which could be exploited to gain access to potentially sensitive information. 1 Installation path disclosure weakness in CLANSPHERE The weakness exists due to application reveals the full path to installation...

CVSS 5 | AI score 6.9
Exploits 0 | Affected Software 1

securityvulns
added 2010/09/12 12:0 a.m. | 172 views

XSS in Horde Application Framework <=3.3.8, icon_browser.php

Hi, Horde Application Framework v3.3.8 and lower are subject to a cross site scripting (XSS) vulnerability. The iconbrowser.php script fails to properly sanitize user supplied input to the 'subdir' URL parameter before printing it out as part of a HTML formatted error message. The following URL can...

AI score 7.1
Exploits 0