CVE-2005-4722
RequestMessage.cfm in tmsPUBLISHER 3.3 allows remote attackers to obtain sensitive information via an invalid id argument to pagename.cfm, which reveals the installation path in an error message...
[KAPDA::#17] - beehiveforum Script Injection
KAPDA New advisory Vendor: http://www.beehiveforum.net Vulnerable: Version 0.6.2 Bug: HTML Injection, Possible attacks with register_globals = On Exploitation: Remote with browser Description: -------------------- Beehive Forum is a PHP-based message board system that uses a MySQL database...
CVE-2005-4368
roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid _task parameter, which leaks the path in an error message...
CVE-2005-4358
admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message...
Round Cube Webmail 0.1 -20051021 - Full Path Disclosure
source: https://www.securityfocus.com/bid/15920/info Round Cube will reportedly reveal its installation path in an error message output to the client. The filesystem layout can be sensitive information that is useful in other attacks against the target server. The trigger for this behavior is not...
CVE-2005-4214
phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined...
CVE-2005-4148
Lyris ListManager 8.5, and possibly other versions before 8.8, includes sensitive information in the env hidden variable, which allows remote attackers to obtain information such as the installation path by requesting a non-existent page and reading the env variable from the resulting error messa...
CVE-2005-4017
property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message...
CVE-2005-3799
phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path...
CVE-2005-3745
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...
CVE-2004-2572
AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensitive information by entering (1) invalid characters such as "" or (2) a large number of characters in the Lookup field on the netaddressbook.php web form, which reveals the path in an ldaplib.php error message when the ldapsearch...
Virtual Hosting Control System 2.22.4 - Error Message Cross-Site Scripting
source: https://www.securityfocus.com/bid/15538/info Virtual Hosting Control System is prone to cross-site scripting attacks. The vulnerability arises when error messages are rendered and could let an attacker inject hosti...
[Full-disclosure] Security Advisory: Struts Error Message Cross Site Scripting
Background ========== Struts is an open source framework for building web applications. The core of the Struts framework is a flexible control layer based on standard technologies such as Java Servlets, JavaBeans, resource bundles, and the Extensible Markup Language (XML). Struts can be used with...
CVE-2005-3517
Chipmunk Scripts Guestbook allows remote attackers to obtain the installation path of the script via a URL that causes an error message to be displayed, such as a URL that contains a single quote (') in the start parameter of index.php...
PT-2005-4313 · Chipmunk Scripts · Chipmunk Scripts Guestbook
Name of the Vulnerable Software and Affected Versions: Chipmunk Scripts Guestbook (affected versions not specified) Description: The issue allows remote attackers to obtain the installation path of the script by causing an error message to be displayed. This can be achieved through a URL that...
CVE-2005-3487
Multiple buffer overflows in Scorched 3D 39.1 bf and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog functions, (4) a long command that is not properly handled in ComsMessageHandler.cpp when generating ...