Lucene search

3854 matches found

NVD
added 2004/12/31 5:0 a.m. | 12 views

CVE-2004-2505

Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data...

CVSS: 5 | AI score: 6.7 | EPSS: 0.31315
Exploits: 1 | References: 3
NVD
added 2004/12/31 5:0 a.m. | 13 views

CVE-2004-1410

Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing error message, a different vulnerability than CVE-2004-1229...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.00458
Exploits: 0 | References: 4
Cvelist
added 2004/12/22 5:0 a.m. | 26 views

CVE-2004-1270

lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers...

AI score: 5.9 | EPSS: 0.00107
Exploits: 1 | References: 8
Cvelist
added 2004/12/15 5:0 a.m. | 14 views

CVE-2004-1205

codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to gain sensitive information via an invalid filetohighlight parameter, which reveals the full path in an error message...

AI score: 6.5 | EPSS: 0.00306
Exploits: 0 | References: 2
Exploit DB
added 2004/12/09 12:0 a.m. | 27 views

F-Secure Policy Manager 5.11 - 'FSMSH.dll' CGI Application Installation Full Path Disclosure

source: https://www.securityfocus.com/bid/11869/info F-Secure Policy Manager includes a CGI application named 'fsmsh.dll'. By supplying unexpected input as an argument to the 'fsmsh.dll' application the vulnerable software will return an error message that includes the installation path of the...

AI score: 7.4
Exploits: 0
Tenable Nessus
added 2004/12/09 12:0 a.m. | 35 views

Squid < 2.5.STABLE8 Malformed Host Name Error Message Information Disclosure

According to its banner, the version of Squid running on the remote host is prior to 2.5.STABLE8. It is, therefore, affected by an information disclosure vulnerability due to improper handling of malformed host names. An unauthenticated, remote attacker can exploit this issue to disclose the...

CVSS: 5 | AI score: 5.5 | EPSS: 0.0103
Exploits: 0 | References: 2
exploitpack
added 2004/12/04 12:0 a.m. | 10 views

PAFileDB 3.1 - Error Message Full Path Disclosure

source: https://www.securityfocus.com/bid/11817/info paFileDB is prone to an installation path disclosure. If invalid requests are made to certain scripts, the installation path is included in the returned error message...

AI score: 7.3
Exploits: 0
Exploit DB
added 2004/12/04 12:0 a.m. | 23 views

PAFileDB 3.1 - Error Message Full Path Disclosure

source: https://www.securityfocus.com/bid/11817/info paFileDB is prone to an installation path disclosure. If invalid requests are made to certain scripts, the installation path is included in the returned error message. http://www.example.com/pafiledb/includes/admin/admins.php...

AI score: 7.4
Exploits: 0
CVE
added 2004/12/01 5:0 a.m. | 46 views

CVE-2004-1102

MailPost 5.1.1sv (and possibly earlier) is affected by an information disclosure vulnerability where the error message varies depending on whether the requested file exists. This behavior can allow remote attackers to gain sensitive information. The CVE entry states the issue but does not provide...

CVSS: 5 | AI score: 7.3 | EPSS: 0.07089
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2004/12/01 5:0 a.m. | 14 views

CVE-2004-1075

Cross-site scripting (XSS) vulnerability in standarderrormessage.dtml for Zwiki after 0.10.0rc1 to 0.36.2 allows remote attackers to inject arbitrary HTML and web script via a malformed URL, which is not properly cleansed when generating an error message...

AI score: 5.7 | EPSS: 0.08341
Exploits: 1 | References: 6
Cvelist
added 2004/11/24 5:0 a.m. | 22 views

CVE-2004-1030

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message...

AI score: 6 | EPSS: 0.00071
Exploits: 0 | References: 4
NVD
added 2004/11/23 5:0 a.m. | 9 views

CVE-2004-0355

Invision Power Board 1.3 Final allows remote attackers to gain sensitive information by selecting a file for "Personal Photo" that is not an image file, which displays the installation path in an error message...

CVSS: 5 | AI score: 6.5 | EPSS: 0.00624
Exploits: 0 | References: 3
Exploit DB
added 2004/11/19 12:0 a.m. | 27 views

Microsoft Internet Explorer 6.0 SP2 - File Download Security Warning Bypass

Original Advisory and exploit by cyberflash Vengy Circumvent Windows XP SP2 security features using execCommand 'SaveAs' function! Demonstration: Notice that you don't receive any warning messages such as: "File Download - Security Warning" or "Open File - Security Warning". If "Hide file extensio...

AI score: 7.4
Exploits: 0
exploitpack
added 2004/11/19 12:0 a.m. | 20 views

Microsoft Internet Explorer 6.0 SP2 - File Download Security Warning Bypass

Original Advisory and exploit by cyberflash Vengy Circumvent Windows XP SP2 security features using execCommand 'SaveAs' function! Demonstration: Notice that you don't receive any warning messages such as: "File Download -...

Exploits: 0
Atlassian
added 2004/11/08 2:58 p.m. | 21 views

A page containing the rss-macro is not displayed if the requested rss-feed is "down"

A page containing the rss-feed macro is not shown if the requested rss-feed is "down" there's no response sent to the browser. It would certainly be better if the page could be displayed anyway; perhaps with a message stating that the feed contents can't be fetched...

AI score: 0.7
Exploits: 0
Atlassian
added 2004/11/08 2:58 p.m. | 16 views

A page containing the rss-macro is not displayed if the requested rss-feed is "down"

A page containing the rss-feed macro is not shown if the requested rss-feed is "down" there's no response sent to the browser. It would certainly be better if the page could be displayed anyway; perhaps with a message stating that the feed contents can't be fetched...

AI score: 0.7
Exploits: 0 | Affected Software: 1
NVD
added 2004/10/18 4:0 a.m. | 12 views

CVE-2004-1607

slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain sensitive information via a (1) Library or (2) Attachment request with an invalid file parameter, which reveals the path in an error message...

CVSS: 5 | AI score: 6.1 | EPSS: 0.00675
Exploits: 1 | References: 7
NVD
added 2004/10/16 4:0 a.m. | 11 views

CVE-2004-1600

index.php in CoolPHP 1.0-stable allows remote attackers to gain sensitive information via an invalid op parameter, which reveals the path in an error message...

CVSS: 5 | AI score: 6.5 | EPSS: 0.00517
Exploits: 1 | References: 4
NVD
added 2004/10/14 4:0 a.m. | 16 views

CVE-2004-1700

Cross-site scripting (XSS) vulnerability in SettingsBase.php in Pinnacle ShowCenter 1.51 build 121 allows remote attackers to inject arbitrary HTML or web script via the Skin parameter, which is echoed in an error message...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00396
Exploits: 1 | References: 3
Packet Storm
added 2004/10/07 12:0 a.m. | 40 views

Echo Security Advisory 2004.7

ECHOADV07$2004; Multiple Vulnerabilities in AJ-Fork; Author: y3dips; Date: September, 23th 2004; Location: Indonesia, Jakarta; Web:...

AI score: 0.4
Exploits: 0