CVE-2005-1235

auctionmyauctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message...

CVE-2005-0724

paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via 1 an invalid str parameter to pafiledb.php, or a direct request to 2 viewall.php, 3 stats.php, 4 search.php, 5 rate.php, 6 main.php, 7 license.php, 8 category.php, 9 download.php, 10 file.php, 11 email.php, or 12...

CVE-2005-0544

phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to 1 sqlvalidator.lib.php, 2 sqlparser.lib.php, 3 selecttheme.lib.php, 4 selectlang.lib.php, 5 relationcleanup.lib.php, 6 headermetastyle.inc.php, 7 getforeign.lib.php, 8 displaytbllinks.lib.php, 9...

CVE-2005-0871

calendarscheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message...

CVE-2005-0278

The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to gain sensitive information via a cd command that contains an MS-DOS device name, which reveals the installation path in an error message...

CVE-2005-1033

CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid 1 language parameter to index.php, 2 PHPSESSID parameter to index.php, 3 product parameter to tellafriend.php, 4 add parameter to viewcart.php, or 5 product parameter to viewproduct.php, which reveals the path i...

CVE-2005-0880

content.php in Vortex Portal allows remote attackers to obtain sensitive information via an invalid act parameter, which leaks the full pathname in a PHP error message...

CVE-2005-1028

PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to 1 index.php with the forumadmin parameter set, 2 the Surveys module, or 3 the YourAccount module, which reveals the path in a PHP error message...

CVE-2005-0080

The 55optionstraceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address...

CVE-2005-0459

phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to selectlang.lib.php, which reveals the path in a PHP error message...

CVE-2001-1441

Cross-site scripting XSS vulnerability in VisualAge for Java 3.5 Professional allows remote attackers to execute JavaScript on other clients via the URL, which injects the script in the resulting error message...

CVE-2001-1437

Technical details about CVE-2001-1437 are not publicly available in the provided documents; monitor for updates.

CVE-2005-1144

popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to obtain sensitive information via an invalid ev parameter, which reveals the full pathname of the web server in a PHP error message...

CVE-2005-1133

The CVE-2005-1133 entry corresponds to the IBM iSeries AS/400 POP3 server that reveals whether a username exists by returning different error messages. This enables remote user enumeration (valid user IDs). Related Nessus data notes additional disclosure risk and lack of login throttling/brute-fo...

SQL Injection in Oracle Forms

SQL Injection in Oracle Forms V1.00 © 2005 by Red-Database-Security GmbH 1/5 Summary: All Oracle Forms applications are vulnerable against SQL Injection by default. Oracle Applications =11.5.9 is not affected due to the default setting value “FORMSxxRESTRICTENTERQUERY = TRUE”. About Oracle Forms:...

CVE-2005-1050

CVE-2005-1050 affects PostNuke 0.760-RC3 in the Reviews module’s modload op. The vulnerability allows remote attackers to disclose sensitive information by supplying an invalid id parameter, causing a PHP error message that reveals the path. The NVD entry rates impact as Partial Confidentiality w...

CVE-2005-1050

The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote attackers to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message...

CVE-2005-1144

popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to obtain sensitive information via an invalid ev parameter, which reveals the full pathname of the web server in a PHP error message...

CVE-2005-1033

CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid 1 language parameter to index.php, 2 PHPSESSID parameter to index.php, 3 product parameter to tellafriend.php, 4 add parameter to viewcart.php, or 5 product parameter to viewproduct.php, which reveals the path i...

CVE-2005-1028

PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to 1 index.php with the forumadmin parameter set, 2 the Surveys module, or 3 the YourAccount module, which reveals the path in a PHP error message...