3856 matches found
CVE-2007-3059
SendCard 3.3.0 allows remote attackers to obtain sensitive information via an invalid sclanguage parameter to sendcard.php, which reveals the path in an error message...
Design/Logic Flaw
PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensitive information via a request for server.php with a missing or invalid newtheme parameter, which reveals a path in an error message...
CVE-2007-2780
PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensitive information via a request for server.php with a missing or invalid newtheme parameter, which reveals a path in an error message...
CVE-2007-2684
Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) mainpage.php, (b) opentree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id parameter to admin/cms/opentree.php, which...
Phorum 5.1.20 - admin.php badwordsbanlist Module SQL Injection
Phorum 5.1.20 - admin.php badwordsbanlist Module SQL Injection source: https://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site...
Re: [Full-disclosure] [Amsn-devel] aMSN <= 0.96 remote DoS vulnerability
On Sun, Apr 22, 2007 at 05:41:25PM +0200, Sebastian Rother wrote: On Sun, 22 Apr 2007 01:32:35 -0400 [email protected] Youness Alaoui wrote: Hi, I'm a developer and admin of the aMSN project, someone just sent me this link...
CVE-2007-2066
UseBB before 1.0.6 allows remote attackers to obtain sensitive information via a request with unspecified GET or POST parameters to an unspecified script, which reveals the path in an error message...
CVE-2007-1597
Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/board-YYYY-MM-DD.log, (2) the mail and private message (PM) log via a direct request for...
Design/Logic Flaw
w-agora 4.2.1 allows remote attackers to obtain sensitive information via (1) the bn array parameter to index.php, which expects a string, and (2) certain parameters to deleteforum.php, which displays the path name in the resulting error message...
Design/Logic Flaw
WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message...
CVE-2007-1409
WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message...
CVE-2006-7149
Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from modlogin.php; and the (2) mcname parameter to (b) moscomment.php and (c) comcomment.ph...
CVE-2007-0894
MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message...
CVE-2006-2219
phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used a...
CVE-2006-2220
phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the...
ColdFusion cross-site scripting
User-Agent field from HTTP request is used unfiltered in error message text. It's possible to manipulate client's User-Agent field through Flash...
CVE-2007-0597
Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message...
CYBSEC - Security Advisory: SAP Internet Graphics Service (IGS) Remote Buffer Overflow
The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC-SecurityPre-AdvisorySAPIGSRemoteBufferOverflow.pdf This advisory contains the full-detailed information regarding the vulnerability described in...
CVE-2007-0259
Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to obtain sensitive information via an invalid cat parameter to boxx/knowledgebase.asp, which reveals the path in an error message...