CVE-2005-1616

viewforum.php in Ultimate PHP Board UPB 1.8 through 1.9.6 allows remote attackers to obtain sensitive information via an invalid 1 id or possibly 2 postorder parameter, which reveals the path in an error message when a file can not be opened...

CVE-2005-1616

viewforum.php in Ultimate PHP Board UPB 1.8 through 1.9.6 allows remote attackers to obtain sensitive information via an invalid 1 id or possibly 2 postorder parameter, which reveals the path in an error message when a file can not be opened...

CVE-2005-1563

Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different error message depending on whether a product exists or not, which allows remote attackers to determine hidden products...

Bugzilla < 2.18.1 Multiple Information Disclosures

According to its banner, the remote host is running a version of Bugzilla that reportedly may include passwords in the web server logs because it embeds a user's password in a report URL if the user is prompted to log in while viewing a chart. It also allows users to learn whether an invisible...

CVE-2005-1510

PwsPHP 1.2.2 allows remote attackers to obtain sensitive information via a direct request to the admin directory, which reveals the path in an error message...

CVE-2005-1497

index.php in myBloggie 2.1.1 allows remote attackers to obtain sensitive information via an invalid postid parameter, which reveals the path in an error message...

CVE-2003-1168

HTTP Commander 4.0 allows remote attackers to obtain sensitive information via an HTTP request that contains a . dot in the file parameter, which reveals the installation path in an error message...

CVE-2004-1974

paFileDB 3.1 is affected by an information disclosure vulnerability where remote attackers can learn sensitive path information by issuing direct requests to pages (login.php, category.php, search.php, main.php, viewall.php, download.php, email.php, file.php, rate.php, stats.php). The underlying ...

CVE-2004-2009

NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full path of the server via 1 a direct call to mainfunctions.php, 2 an invalid jokeid parameter in a JokeView function or 3 an invalid cat parameter in a CatView function, which reveals the path in a PHP error message...

CVE-2004-1830

CVE-2004-1830 : The error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information by supplying invalid (language, newlang, or lang) parameters, which leaks the pathname in a PHP error message. This is a information-disclosure issue affecting the specified...

CVE-2004-1953

phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message...

CVE-2003-1194

Cross-site scripting XSS vulnerability in Booby .1 through 0.2.3 allows remote attackers to inject arbitrary web script or HTML via the error message...

CVE-2004-2019

The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message...

CVE-2004-1956

PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the 1 includes/blocks directory, 2 pnadodb directory, 3 NS-NewUser module, 4 NS-YourAccount, 5 NS-LostPassword module, or 6 NS-User module which reveals the path to the web server in a PHP error...

CVE-2004-1959

blockerquery.php in Protector System 1.15b1 for PHP-Nuke allows remote attackers to gain sensitive information via a string in the portNum parameter, which reveals the full path in an error message...

CVE-2004-1998

The Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to gain sensitive information via an invalid show parameter to modules.php, which reveals the full path in a PHP error message...

CVE-2004-2009

CVE-2004-2009 concerns NukeJokes versions 1.7 and 2 Beta. The vulnerability allows remote attackers to reveal the server’s full filesystem path through PHP error messages triggered by: (1) a direct request to mainfunctions.php, (2) an invalid jokeid parameter in JokeView, or (3) an invalid cat pa...

CVE-2005-0869

phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to 1 class.OpenBSD.inc.php, 2 class.NetBSD.inc.php, 3 class.FreeBSD.inc.php, 4 class.Darwin.inc.php, 5 XPath.class.php, 6 systemheader.php, or 7 systemfooter.php, which reveal the path in a PHP error messa...

CVE-2005-1137

Simple PHP Blog sphpBlog 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sbfunctions.php, which leaks the full pathname in a PHP error message...

CVE-2005-0544

phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to 1 sqlvalidator.lib.php, 2 sqlparser.lib.php, 3 selecttheme.lib.php, 4 selectlang.lib.php, 5 relationcleanup.lib.php, 6 headermetastyle.inc.php, 7 getforeign.lib.php, 8 displaytbllinks.lib.php, 9...