CVE-2004-1963

nqt.php in Network Query Tool NQT 1.6 allows remote attackers to obtain sensitive information via a string in the portNum parameter, which reveals the full path in an error message...

CVE-2004-1923

Tiki CMS/Groupware TikiWiki 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to 1 bannerclick.php, 2 categorize.php, 3 tiki-adminincludedirectory.php, 4 tiki-directorysearch.php, which reveal the web server path in an error message...

FloosieTek FTGate Mail Server 1.2 - Full Path Disclosure

source: https://www.securityfocus.com/bid/10059/info It has been reported that FTGate it prone to a server path disclosure vulnerability. This issue is due to an ill conceived error message that includes the server path. These issues may be leveraged to gain sensitive information about the affect...

invisionPTSL11.txt

Vendor : Invision Power Services URL : http://www.invisiontsl.com Version : Invision Power Top Site List v1.1 RC 2 && Earlier Risk : SQL Injection Vulnerability Description: Invision Power Top Site List is a flexible site ranking script written in PHP, the popular programming choice for web...

Invision Gallery 1.0.1 - SQL Injection

Invision Gallery 1.0.1 - SQL Injection Invision Power Top Site List SQL Injection Vendor: Invision Power Services Product: Invision Power Top Site List Version: = 1.1 RC 2 Website: http://www.invisiontsl.com/ BID: 9945 Description: Invision Power Top Site List is a flexible site ranking script...

cpanelroot.txt

Hi all when i tried to rest my pass i'm tried this url: http://cpanel.com:2082/resetpass/?user=|"ls"| it give me this / sh: line 1: /var/cpanel/users/: is a directory "sh: line 1: ls: command not found" Password Reset Resetting password for |"ls"|: A confirmation email has been sent to the email...

CVE-2004-0039

Multiple format string vulnerabilities in HTTP Application Intelligence AI component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause forma...

CVE-2004-0130

login.php in phpGedView 2.65 and earlier allows remote attackers to obtain sensitive information via an HTTP request to login.php that does not contain the required username or password parameters, which causes the information to be leaked in an error message...

CVE-2004-0130

login.php in phpGedView 2.65 and earlier allows remote attackers to obtain sensitive information via an HTTP request to login.php that does not contain the required username or password parameters, which causes the information to be leaked in an error message...

DEBIAN-CVE-2004-0042

vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames...

IBM Net.Data 7.07.2 - db2www Error Message Cross-Site Scripting

IBM Net.Data 7.07.2 - db2www Error Message Cross-Site Scripting source: https://www.securityfocus.com/bid/9488/info IBM Net.Data is prone to cross-site scripting attacks via error message output. This may permit a remote attack to create a link to a system hosting the software that includes...

IBM Net.Data 7.0/7.2 - db2www Error Message Cross-Site Scripting

source: https://www.securityfocus.com/bid/9488/info IBM Net.Data is prone to cross-site scripting attacks via error message output. This may permit a remote attack to create a link to a system hosting the software that includes embedded HTML and script code. This hostile code may be rendered in t...

MetaDot 5.6.5.4b5 - Multiple Vulnerabilities

MetaDot 5.6.5.4b5 - Multiple Vulnerabilities MetaDot Multiple Vulnerabilities Vendor: Metadot Corporation Product: MetaDot Version: = 5.6.5.4b5 Website: http://www.metadot.com/ BID: 9439 Description: Metadot is a popular open source portal software GPL recognized for its revolutionary ease-of-use...

CVE-2003-1089

index.php for Zorum 3.4 allows remote attackers to determine the full path of the web root via invalid parameter names, which reveals the path in a PHP error message...

CVE-2003-1535

Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message...

CVE-2003-1526

PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as 1 ", 2 ', or 3 in the search field, which reveals the path in an error message...

CVE-2003-1543

Cross-site scripting XSS vulnerability in Bajie Http Web Server 0.95zxe, 0.95zxc, and possibly others, allows remote attackers to inject arbitrary web script or HTML via the query string, which is reflected in an error message...

CVE-2003-1486

Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to 1 smileys.php, 2 quicklistrss.php, 3 purge.php, 4 news.php, 5 memberlist.php, 6 forumlistrss.php, 7 forumlistrdf.php, 8 forumlist.php, or 9 move.php, which leaks the...

CVE-2003-1269

AN HTTP 1.41e allows remote attackers to obtain the root web server path via an HTTP request with a long argument to a script, which leaks the path in an error message...

CVE-2003-1555

ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message...