CVE-2005-1001

PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via direct requests to 1 the Surveys module with the file parameter set to comments or 2 3D-Fantasy/theme.php, which leaks the full pathname of the web server in a PHP error message...

CVE-2005-0900

marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to obtain sensitive information via an invalid 1 file or 2 category parameter, which reveal the path in an error message...

CVE-2005-0880

CVE-2005-0880 affects the Vortex Portal’s content.php. An invalid act parameter allows remote attackers to obtain sensitive information by causing a PHP error message that leaks the full pathname. The CVSS data indicates attack vector: network; authentication: none; access: partial confidentialit...

CVE-2005-0869

phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to 1 class.OpenBSD.inc.php, 2 class.NetBSD.inc.php, 3 class.FreeBSD.inc.php, 4 class.Darwin.inc.php, 5 XPath.class.php, 6 systemheader.php, or 7 systemfooter.php, which reveal the path in a PHP error messa...

CVE-2005-0869

phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to 1 class.OpenBSD.inc.php, 2 class.NetBSD.inc.php, 3 class.FreeBSD.inc.php, 4 class.Darwin.inc.php, 5 XPath.class.php, 6 systemheader.php, or 7 systemfooter.php, which reveal the path in a PHP error messa...

CVE-2005-0871

calendarscheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message...

CVE-2005-0880

content.php in Vortex Portal allows remote attackers to obtain sensitive information via an invalid act parameter, which leaks the full pathname in a PHP error message...

CVE-2005-0855

CVE-2005-0855 affects CoolForum 0.8.1 beta and earlier. The issue allows remote attackers to trigger PHP error messages via direct requests to eight PHP pages (entete.php, profile_accueil.php, profile_mdp.php, profile_notify.php, profile_options.php, profile_perso.php, profile_pm.php, readannonce...

CVE-2005-0827

Viewcat.php in 1 RUNCMS 1.1A, 2 Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops exoops, allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message...

CVE-2005-0797

Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks...

[SECURITYREASON.COM][phpBB 2.0.13 SQL error in session cXIb8O3.8]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 phpBB 2.0.13 SQL error in session cXIb8O3.8 Author: Maksymilian Arciemowicz cXIb8O3 Date: 10.3.2005 from securityreason.com TEAM - --- 0.Description --- phpBB is a high powered, fully scalable, and highly customizable Open Source bulletin board packag...

CVE-2005-0722

eXPerience2 allows remote attackers to obtain the full path for the web root via a direct request to modules.php without any parameters, which leaks the path in a PHP error message...

CVE-2003-1101

Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to obtain the full path of the DM Web Server via invalid login credentials, which reveals the path in an error message...

CVE-2005-0722

eXPerience2 allows remote attackers to obtain the full path for the web root via a direct request to modules.php without any parameters, which leaks the path in a PHP error message...

CVE-2005-0655

The vulnerability CVE-2005-0655 affects auraCMS 1.5. An attacker can trigger an information disclosure by issuing an HTTP request with an invalid id parameter to one of three PHP endpoints (teman.php, hal.php, arsip.php), causing a PHP error message that reveals the file path. The NVD page report...

CVE-2005-0659

phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message...

CVE-2005-0607

CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to 1 information.php, 2 language.php, 3 listdocs.php, 4 popularprod.php, 5 sale.php, 6 subfooter.inc.php, 7 subheader.inc.php, 8 catnavi.php, or 9 checksum.php, which...

CVE-2004-1030

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message...

CVE-2005-0603

viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message...

CVE-2004-1736

CVE-2004-1736 affects Cacti 0.8.5a. The issue allows remote attackers to obtain the installation path via HTTP requests to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and potentially other PHP files, causing information disclosure of the installed framework. The root cause is e...