3856 matches found
CVE-2006-0704
iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error message that displays the installation path, we...
Directory traversal
Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allow remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to...
CVE-2006-0660
CVE-2006-0660 affects FarsiNews 2.5 and earlier. Multiple directory-traversal flaws allow remote attackers to read arbitrary files or trigger path disclosures via invalid names or ".." in the archive parameter to index.php, or to include arbitrary files via the template parameter to show_archives...
Path traversal
MyTopix 1.2.3 allows remote attackers to obtain the installation path via a direct request to logon.mod.php, which leaks the path in an error message...
CVE-2006-0589
CVE-2006-0589 affects MyTopix 1.2.3. The vulnerability allows remote attackers to obtain the installation path by making a direct request to logon.mod.php, which leaks the path in an error message. No explicit exploit code or in-the-wild details are provided in the documents beyond this. The conn...
DEBIAN-CVE-2006-0519
SPIP 1.8.2-e and earlier and 1.9 Alpha 2 5539 and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message...
CVE-2006-0519
SPIP 1.8.2-e and earlier and 1.9 Alpha 2 5539 and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message...
Cross site request forgery (csrf)
search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters...
Design/Logic Flaw
TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails...
CVE-2006-0327
TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects the XSS in an error message. NOTE: the affected version might be wro...
CVE-2006-0217
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects the XSS in an error message. NOTE: the affected version might be wro...
CVE-2006-0208
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message...
Information disclosure
boastMachine 3.1 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php and (2) sidemenu.php, which reveals the path in an error message...
Path traversal
Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the full path of the application via a direct request to sphelperfunctions.php, which leaks the pathname in an error message...
CVE-2006-0113
Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the full path of the application via a direct request to sphelperfunctions.php, which leaks the pathname in an error message...
CVE-2006-0073
Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware 3.10.5 and Professional 3.10.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a URL, which is not properly sanitized from the resulting error message. NOTE: the provenance of this...
CVE-2005-2463
Kayako liveResponse 2.x allows remote attackers to obtain sensitive information via a direct request to addressbook.php and other include scripts, which reveals the path in an error message...