3854 matches found
CVE-2005-0544
phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) selecttheme.lib.php, (4) selectlang.lib.php, (5) relationcleanup.lib.php, (6) headermetastyle.inc.php, (7) getforeign.lib.php, (8) displaytbllinks.lib.php, (9)...
phpmyadmin -- information disclosure vulnerability
A phpMyAdmin security announcement reports: By calling some scripts that are part of phpMyAdmin in an unexpected way (especially scripts in the libraries subdirectory), it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin...
CVE-2004-1662
YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message...
CVE-2004-1600
CVE-2004-1600 affects index.php in CoolPHP 1.0-stable, where a malformed op parameter allows remote attackers to reveal the path in an error message, exposing sensitive information (NVD: CVSSv2 base 5.0, MEDIUM). The issue is described consistently across NVD/CVE references; no remediation or exp...
CVE-2004-1677
pdesk.cgi in PerlDesk allows remote attackers to gain sensitive information via an invalid lang parameter, which includes pathname information in an error message...
CVE-2004-1577
index.php in PHP Links allows remote attackers to gain sensitive information via an invalid show parameter, which reveals the full path in an error message...
CVE-2004-1600
index.php in CoolPHP 1.0-stable allows remote attackers to gain sensitive information via an invalid op parameter, which reveals the path in an error message...
CVE-2004-1509
validate.php in WebCalendar allows remote attackers to gain sensitive information via an invalid encodedlogin parameter, which reveals the full path in an error message...
CVE-2005-0459
phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to selectlang.lib.php, which reveals the path in a PHP error message...
security flaw
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message...
security flaw
lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers...
CVE-2005-0085
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message...
CVE-2005-0433
Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) WebLinks/index.php, which lists the path in a PHP error message...
ht://Dig HTTP indexing and searching system cross-site scripting
Cross-site scripting vulnerability during error message generation...
CVE-2004-1410
Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing error message, a different vulnerability than CVE-2004-1229...
CVE-2004-1428
CVE-2004-1428 affects ArGoSoft FTP Server before 1.4.2.1. The authentication error message differs for nonexistent usernames, enabling remote attackers to enumerate valid usernames. This information disclosure can facilitate dictionary attacks against the remote host. A fix is available: upgrade ...
Logon with wrong user/password gives 'weird' error page.
Error screen after wrong login is 'weird'...
CVE-2005-0326
pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive information via an invalid or missing action parameter, which reveals the path in an error message when it cannot include a login.php script...