CVE-2004-1385

CVE-2004-1385 affects phpGroupWare up to version 0.9.16.003. The vulnerability is an information-disclosure issue where an error message reveals the web server path due to (1) unexpected characters in the session ID (shell metacharacters), (2) an invalid appname parameter to preferences.php, or (...

CVE-2005-0222

main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of g2subView parameter, which reveals the path in an error message...

CVE-2005-0080

The 55optionstraceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address...

CVE-2004-1226

SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter...

CVE-2004-1102

MailPost 5.1.1sv, and possibly earlier versions, displays a different error message depending on whether the requested file exists or not, which allows remote attackers to gain sensitive information...

CVE-2004-1504

The displaycontent function in config.php for Just Another Flat file JAF CMS 3.0RC allows remote attackers to gain sensitive information via a blank show parameter, which reveals the installation path in an error message, as demonstrated using index.php...

CVE-2004-2296

The previewreview function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which generates an error message...

DEBIAN-CVE-2004-2664

John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODBDIR, which reveals the installation path in an error message...

CVE-2004-1579

index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid catid parameter, which reveals the full path in a PHP error message...

CVE-2004-2518

Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain sensitive information via 1 a trailing null byte "%00" to a URL or 2 an invalid LANGUAGE parameter to web.tmpl, which reveals the full installation path in an error message...

CVE-2004-2019

The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message...

CVE-2004-2664

John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODBDIR, which reveals the installation path in an error message...

CVE-2004-1723

The 1 updateuser.php and 2 forumsprune.php scripts in PHP-Fusion 4.00 allow remote attackers to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message...

CVE-2004-2748

viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message...

CVE-2004-1581

BlackBoard 1.5.1 allows remote attackers to gain sensitive information via a direct request to 1 checkdb.inc.php, 2 admin.inc.php or 3 cp.inc.php, which reveals the path in a PHP error message...

CVE-2004-1509

validate.php in WebCalendar allows remote attackers to gain sensitive information via an invalid encodedlogin parameter, which reveals the full path in an error message...

CVE-2004-1528

The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to gain sensitive information via an HTTP request to 1 config.php, 2 index.php, or 3 submit.php, which reveal the full path in an error message...

CVE-2004-1736

Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to 1 auth.php, 2 authlogin.php, 3 authchangepassword.php, and possibly other php files, which reveal the installation path in a PHP error message...

CVE-2004-1912

The 1 modules.php, 2 block-Calendar.php, 3 block-Calendar1.php, 4 block-Calendarcenter.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message...

CVE-2004-2664

John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODBDIR, which reveals the installation path in an error message...