3854 matches found
CVE-2003-1168
HTTP Commander 4.0 allows remote attackers to obtain sensitive information via an HTTP request that contains a "." (dot) in the file parameter, which reveals the installation path in an error message...
CVE-2003-1242
Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message...
CVE-2003-1548
MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sensitive information via an invalid IDAdmin or other parameter, which reveals the installation path in an error message...
quikstore.txt
Indonesia Security Development Team Advisory QuikStore Shopping Cart Discloses Installation Path & Files to Remote Users ===================================================================== Advisory Name: QuikStore Shopping Cart Discloses Installation Path & Files to Remote Users Release Date:...
QuikStore Shopping Cart Discloses Installation Path & Files to Remote Users
Indonesia Security Development Team Advisory QuikStore Shopping Cart Discloses Installation Path & Files to Remote Users ===================================================================== Advisory Name: QuikStore Shopping Cart Discloses Installation Path & Files to Remote Users Release Date:...
PY Software Active Webcam 4.3 - WebServer Cross-Site Scripting
source: https://www.securityfocus.com/bid/9261/info A vulnerability has been reported to be present in the software that may allow a remote attacker to execute HTML or script code in a user's browser. It has been reported that the problem arises when the software returns an error message to the...
Webwasher Classic Error-Message XSS Vulnerability
Webwasher Classic Error-Message XSS Vulnerability ================================================= Description =========== WebWasher Classic is vulnerable to a XSS attack. If a HTTP GET-Request, containing script code, is sent to the proxy port (default 8080/TCP), an error page is shown, which...
Citrix Metaframe XP - Cross-Site Scripting
Citrix Metaframe XP - Cross-Site Scripting source: https://www.securityfocus.com/bid/8939/info Citrix Metaframe XP is prone to cross-site scripting attacks when returning error messages to users. The error message is generated when invalid authentication credentials are transmitted to the log-in...
Fastream NetFile 6.0.3.588 - Error Message Cross-Site Scripting
source: https://www.securityfocus.com/bid/8908/info It has been reported that a cross-site scripting vulnerability may exist in NetFile that may allow remote attackers to execute HTML or script code in a user's browser. The issue is reported to occur due to a "404 Not Found" error message returne...
Fastream NetFile 6.0.3.588 - Error Message Cross-Site Scripting
Fastream NetFile 6.0.3.588 - Error Message Cross-Site Scripting source: https://www.securityfocus.com/bid/8908/info It has been reported that a cross-site scripting vulnerability may exist in NetFile that may allow remote attackers to execute HTML or script code in a user's browser. The issue is...
Dansie Shopping Cart Discloses Installation Path to Remote Users
Indonesia Security Development Team Advisory Dansie Shopping Cart Discloses Installation Path to Remote Users ================================================================ Advisory Name: Dansie Shopping Cart Discloses Installation Path to Remote Users Release Date: 5:21 AM 10/20/03 Application...
Norton Internet Security 2003 XSS
DigitalPranksters Security Advisory http://www.DigitalPranksters.com Norton Internet Security Blocked Sites XSS Risk: Low Product: Norton Internet Security 2003 v6.0.4.34 Maybe others we only tested this version Product URL: http://www.symantec.com/sabu/nis/nispe/index.html Found By: KrazySnake -...
Geeklog exploit
Following is an example of how MySQL SQL injections can be exploited, and also how suppressing error messages isn't sufficient as a solution, as proposed in some earlier postings. It was also included in Geeklog 1.3.8-1sr1 security update even though the developers noted it's not a complete...
Sun Management Center 3.0/3.5 - Error Message Information Disclosure
Sun Management Center 3.0/3.5 - Error Message Information Disclosure source: https://www.securityfocus.com/bid/8873/info A problem in the handling of error messages has been identified in Sun Management Center. Because of this, an attacker may be able to gain sensitive information about vulnerable...
Sun Management Center 3.0/3.5 - Error Message Information Disclosure
source: https://www.securityfocus.com/bid/8873/info A problem in the handling of error messages has been identified in Sun Management Center. Because of this, an attacker may be able to gain sensitive information about vulnerable hosts. http://www.example.com:898/../../../../../tmp/.X11-unix...
Hummingbird CyberDOCS error page discloses web server installation path
Overview Hummingbird CyberDOCS contains a vulnerability that could allow a remote attacker to learn the installation path of the web server. This information could be used to support further attacks. Description Hummingbird CyberDOCS Hummingbird DM is a web-based enterprise document management...
SBox 1.0.4 - Full Path Disclosure
SBox 1.0.4 - Full Path Disclosure source: https://www.securityfocus.com/bid/8705/info sbox has been reported prone to a path disclosure vulnerability. The issue has been reported to present itself when a HTTP request is made for a CGI resource that does not exist. sbox will reportedly return an...
CVE-2003-0456
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe...
ZH2003-20SA (security advisory): Stellar Docs Path Disclosure and Security Leak
ZH2003-20SA security advisory: Stellar Docs Path Disclosure and Security Leak Published: 10 august 2003 Released: 10 august 2003 Name: Stellar Docs Affected Systems: v1.2 Issue: Remote attackers can know the path of the site and access the administrative section Author: [email protected] Vendor:...