3856 matches found

Prion
added 2009/12/10 1:30 a.m. | 14 views

Information disclosure

PowerPhlogger 2.2.5 allows remote attackers to obtain sensitive information via a direct request to 1 edCss.inc.php, 2 foot.inc.php, 3 getcsscolors.inc.php, 4 head.inc.php, 5 headstuff.inc.php, 6 loglist.inc.php, and 7 pphloggersend.inc.php in include/, which reveals the installation path in an...

5 CVSS | 6.7 AI score | 0.0025 EPSS
Exploits 0 | References 2 | Affected Software 1
OSV
added 2009/11/10 6:30 p.m. | 5 views

CVE-2009-3727

Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error message...

6.4 AI score
Exploits 0 | References 12
seebug.org
added 2009/10/31 12:0 a.m. | 21 views

Windows Media Player Plugin: Local File Detection Vulnerability

No description provided by source. Windows Media Player Plugin: Local File Detection Vulnerability A design flaw in Windows Media Player 11 allows a remote attacker to determine the presence of local files programs, documents, etc.. I sent an e-mail to Microsoft nearly a year ago but they nev...

7.1 AI score
Exploits 0
securityvulns
added 2009/10/30 12:0 a.m. | 37 views

Windows Media Player Plugin: Local File Detection Vulnerability

Windows Media Player Plugin: Local File Detection Vulnerability A design flaw in Windows Media Player 11 allows a remote attacker to determine the presence of local files programs, documents, etc.. I sent an e-mail to Microsoft nearly a year ago but they never responded… Windows Media Player...

0.5 AI score
Exploits 0
0day.today
added 2009/10/29 12:0 a.m. | 19 views

Mura CMS <= 5.1 xss

Exploit for unknown platform in category web applications =================== Mura CMS = 5.1 xss =================== Objective: Mura CMS = 5.1 Type: Disclosure of ways Threat: Medium Date Discovered: 22.09.2009 Date of notification Developer: 22.09.2009 Released corrections: Author: Vladimir...

7.1 AI score
Exploits 0
NVD
added 2009/10/27 4:30 p.m. | 8 views

CVE-2009-3815

RunCMS 2M1, when running with certain errorreporting levels, allows remote attackers to obtain sensitive information via 1 the op parameter to modules/contact/index.php or 2 uid parameter to userinfo.php, which leaks the installation path in an error message when these parameters are used in a ca...

5 CVSS | 6.2 AI score | 0.0025 EPSS
Exploits 1 | References 1
Cvelist
added 2009/10/27 4:0 p.m. | 15 views

CVE-2009-3802

Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain sensitive information via an invalid loginname "%%%" to admin/index.php, which reveals the installation path and other information in an error message...

6.2 AI score | 0.05742 EPSS
Exploits 1 | References 5
Prion
added 2009/10/22 5:30 p.m. | 13 views

Information disclosure

phpBMS 0.96 allows remote attackers to obtain sensitive information via a direct request to 1 footer.php, 2 header.php, 3 the show action in advancedsearch.php, and 4 choicelist.php, which reveals the installation path in an error message...

5 CVSS | 6.7 AI score | 0.03673 EPSS
Exploits 0 | References 2 | Affected Software 1
RedHat Linux
added 2009/10/07 3:26 p.m. | 2 views

postgresql: potential DoS due to conversion functions

PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service stack consumption and crash by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding...

4 CVSS | 5.8 AI score | 0.09096 EPSS
Exploits 2 | References 4
Tenable Nessus
added 2009/09/24 12:0 a.m. | 29 views

SuSE9 Security Update : net-snmp (YOU Patch Number 12298)

Remote attackers could crash net-snmp via GETBULK-Request. CVE-2008-4309 In addition the following non-security issues have been fixed : - typo in error message bnc439857 - make OIDs longer than 256 chars work bnc345914 - typo in the snmpd init script to really load all agents bnc415127 - logrota...

7.5 CVSS | 6.4 AI score | 0.11399 EPSS
Exploits 1 | References 2
Prion
added 2009/09/11 4:30 p.m. | 13 views

Design/Logic Flaw

MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tinymce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message...

5 CVSS | 6.7 AI score | 0.00592 EPSS
Exploits 1 | References 8 | Affected Software 2
Prion
added 2009/09/09 5:30 p.m. | 12 views

Information disclosure

Coppermine Photo Gallery CPG 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message...

5 CVSS | 6.6 AI score | 0.00319 EPSS
Exploits 1 | References 4 | Affected Software 1
Prion
added 2009/09/02 5:30 p.m. | 9 views

Information disclosure

Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to 1 class/class.conffw.php, 2 class.module/class.eventmanager.php, 3 lib/lib.domxml5.php, or 4 menu/menuover.php in doceboCore/; or 5 class/class.confcms.php, 6 lib/lib.compose.php, 7...

5 CVSS | 6.7 AI score | 0.04838 EPSS
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2009/09/02 5:0 p.m. | 19 views

CVE-2008-7154

Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to 1 class/class.conffw.php, 2 class.module/class.eventmanager.php, 3 lib/lib.domxml5.php, or 4 menu/menuover.php in doceboCore/; or 5 class/class.confcms.php, 6 lib/lib.compose.php, 7...

6.2 AI score | 0.04838 EPSS
Exploits 1 | References 3
RedHat Linux
added 2009/09/02 8:0 a.m. | 41 views

Low: Red Hat Security Advisory: nfs-utils security and bug fix update

An updated nfs-utils package that fixes a security issue and several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The nfs-utils package provides a daemon for the kernel NFS server and related tools. It was discovered that...

7.5 CVSS | 7 AI score | 0.01355 EPSS
Exploits 1 | References 9
Prion
added 2009/09/01 4:30 p.m. | 12 views

Information disclosure

IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allows remote attackers to obtain sensitive information via a direct request to 1 KnowledgeImpactCourse.htm, 2 LRN-formattedCourse.htm, or 3 CreateCourse.htm in help/1/Instructor/, which reveals the installation path in...

5 CVSS | 6.8 AI score | 0.00419 EPSS
Exploits 1 | References 4 | Affected Software 1
myhack58
added 2009/08/29 12:0 a.m. | 14 views

SQL query result set for injecting the effects and use-vulnerability and early warning-the black bar safety net

For injection purposes, the error message is extremely important. The so-called error message refers to a returned result that differs from the correct page. Experts pay close attention to this point, which is essential for judging an injection point precisely. The ask discussed under several categories of...

8 AI score
Exploits 0
Prion
added 2009/08/19 5:24 a.m. | 10 views

Sql injection

index.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to obtain the full installation path via an invalid resultsperpage parameter, which leaks the path in an error message. NOTE: this issue might be resultant from a separate SQL injection vulnerability...

5 CVSS | 8.2 AI score | 0.00235 EPSS
Exploits 0 | References 3 | Affected Software 1
NVD
added 2009/07/20 8:0 p.m. | 13 views

CVE-2009-2548

Format string vulnerability in Armed Assault aka ArmA 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in the 1 nickname and 2 datafile fields in a joi...

10 CVSS | 7.8 AI score | 0.06657 EPSS
Exploits 1 | References 2
CVE
added 2009/07/20 7:25 p.m. | 41 views

CVE-2009-2546

Directory traversal in Advanced Electron Forum (AEF) 1.x allows remote attackers to determine whether arbitrary files exist via the avatargalfile parameter when changing an avatar, causing information disclosure through error messages. No patch or remediation is stated in the provided documents.

4.3 CVSS | 6.7 AI score | 0.00092 EPSS
Exploits 0 | References 3 | Affected Software 1