CVE-2004-1677

pdesk.cgi in PerlDesk allows remote attackers to gain sensitive information via an invalid lang parameter, which includes pathname information in an error message...

CVE-2002-0445

The CVE concerns article.php in PHP FirstPost 0.1, where an invalid post number in the post parameter causes an error message that leaks the server’s full pathname. This constitutes an information disclosure vulnerability in the PHP FirstPost 0.1 package. The available records do not provide addi...

CVE-2002-0445

article.php in PHP FirstPost 0.1 allows allows remote attackers to obtain the full pathname of the server via an invalid post number in the post parameter, which leaks the pathname in an error message...

Microsoft Internet Explorer 6 - Resource Detection

Microsoft Internet Explorer 6 - Resource Detection source: https://www.securityfocus.com/bid/11026/info Microsoft Internet Explorer is prone to a security weakness that may permit an attacker to determine the existence of resources on a vulnerable computer. An attacker can use an IFRAME that is...

Apache Tomcat < 3.2.1 Nonexistent File Error Message Path Disclosure

Binary data 1465.pasl...

Curl < 7.4.1 Long Error Message Buffer Overflow

Binary data 1745.prm...

CVE-2004-0421

The Portable Network Graphics library libpng 1.0.15 and earlier allows attackers to cause a denial of service crash via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message...

CVE-2004-0665

csFAQ.cgi in csFAQ allows remote attackers to gain sensitive information via an invalid database parameter, which reveals the path to the web server in an error message...

CVE-2004-0729

PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid 1 categoryrows parameter to index.php, 2 faq parameter to faq.php, or 3 ranksrow parameter to profile.php, which reveal the full path in an error message...

CVE-2004-0702

DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password in an error message when the SQL server is not running, which could allow remote attackers to gain sensitive information...

CVE-2004-0729

PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid 1 categoryrows parameter to index.php, 2 faq parameter to faq.php, or 3 ranksrow parameter to profile.php, which reveal the full path in an error message...

Fedora Core 1 : libpng10-1.0.13-11 (2004-106)

Mon Apr 19 2004 Matthias Clasen - fix a possible out-of-bounds read in the error message handler. 121229 - Tue Mar 02 2004 Elliot Lee - rebuilt - Fri Feb 13 2004 Elliot Lee - rebuilt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...

Fedora Core 1 : libpng-1.2.2-20 (2004-105)

Mon Apr 19 2004 Matthias Clasen - fix a possible out-of-bounds read in the error message handler. 121229 - Tue Mar 02 2004 Elliot Lee - rebuilt - Fri Feb 27 2004 Mark McLoughlin 2:1.2.2-19 - rebuild with changed bits/setjmp.h on ppc - Fri Feb 13 2004 Elliot Lee - rebuilt Note that Tenable Network...

CVE-2004-0702

DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password in an error message when the SQL server is not running, which could allow remote attackers to gain sensitive information...

Opera Web Browser 7.5 - Resource Detection

source: https://www.securityfocus.com/bid/10961/info Opera Web Browser is prone to a security weakness that may permit an attacker to determine the existence of resources on a vulnerable computer. An attacker can use an IFRAME that is accessible within the same domain and change its URI to the...

CVE-2004-0665

CVE-2004-0665 affects csFAQ.cgi in csFAQ. An invalid database parameter can cause an error message that reveals the web server’s path, enabling information disclosure. The NVD entry lists a remote, unauthenticated exposure with network access, low attack complexity, and partial confidentiality im...

CVE-2004-0662

PowerPortal 1.x allows remote attackers to gain sensitive information via invalid or missing parameters in HTTP requests to 1 resize.php or 2 modules.php, which reveals the path in an error message...

CVE-2004-2044

PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi PHP function with $SERVER'PHPSELF' to identify the calling script, which allows remote attackers to directly access scripts,...

CVE-2004-1970

Samsung SmartEther SS6215S switch, and possibly other Samsung switches, allows remote attackers and local users to gain administrative access by providing the admin username followed by a password that is the maximum allowed length, then pressing the enter key after the resulting error message...

CVE-2004-1971

modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid 1 catid or 2 clipid parameter, which reveals the full path in an error message...