3856 matches found
Information disclosure
Partial Links 1.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) pagefooter.php and (2) pageheader.php, which displays the path in an error message...
Design/Logic Flaw
view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error message. NOTE: this might be resultant from another vulnerability, since this vector also produc...
CVE-2006-2796
Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message...
Cross site scripting
Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message...
CVE-2006-2796
CVE-2006-2796 describes a reflected cross-site scripting (XSS) vulnerability in the gallery.php component of Captivate 1.0, where the page parameter is reflected in an error message and can be exploited by remote attackers to inject arbitrary HTML/Script. Affected software is Captivate 1.0 (galle...
CVE-2006-2643
Cross-site scripting (XSS) vulnerability in index.php in Monster Top List (MTL) 1.4 allows remote attackers to inject arbitrary web script or HTML via the usererrormessage parameter...
XSS in Monster Top List | MTL 1.4
XSS in Monster Top List | MTL 1.4; Software: Monster Top List; Version: Monster Top List 1.4; Exploit: www.site.com/index.phpusererrormessage=XSS-CODE; Discovery ...
SQL injection
Jemscripts DownloadControl 1.0 allows remote attackers to obtain sensitive information via an invalid dcid parameter to dc.php, which leaks the pathname in an error message. NOTE: this was originally claimed to be SQL injection, but it is probably resultant from another issue in functions.php...
Directory traversal
index.php in Destiney Links Script 2.1.2 allows remote attackers to obtain the installation path via an invalid show parameter referencing a non-existent file, which reveals the path in the resulting error message. NOTE: this issue might be resultant from a more serious issue such as directory...
CVE-2006-2535
index.php in Destiney Links Script 2.1.2 allows remote attackers to obtain the installation path via an invalid show parameter referencing a non-existent file, which reveals the path in the resulting error message. NOTE: this issue might be resultant from a more serious issue such as directory...
Design/Logic Flaw
viewalbum.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter...
CVE-2006-2463
viewalbum.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an...
CVE-2006-2364
CVE-2006-2364 is an XSS vulnerability affecting Macromedia ColdFusion 5 and earlier. The issue arises in the validation feature: if a related normal field is missing or empty, the _required field is not sanitized before being rendered in an error message, allowing remote script/HTML injection. Th...
Design/Logic Flaw
zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message...
Design/Logic Flaw
RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html, which reveals the installation path in an error message...
CVE-2006-2169
CVE-2006-2169 affects RT: Request Tracker 3.5.HEAD. The vulnerability is described as a leak of the installation path via the Rows parameter in Dist/Display.html, exposed in an error message. The provided documents confirm the affected software and the underlying cause (exposed path information) ...
CVE-2006-2169
RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html, which reveals the installation path in an error message...
CVE-2006-2091
admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows remote attackers to obtain sensitive information via an invalid vwarroot parameter, which reveals the path in an error message...