3854 matches found
HostAdmin - Full Path Disclosure
source: https://www.securityfocus.com/bid/8401/info HostAdmin is prone to a path disclosure vulnerability. Passing invalid data to the HostAdmin site will cause an error message to be displayed, which contains installation path information. http://www.example.com/pathofhostadmin/?page='...
ZH2003-19SA (security advisory): BBPro Store Builder Path Disclosure
ZH2003-19SA security advisory: BBPro Store Builder Path Disclosure Published: 10 August 2003 Released: 10 August 2003 Name: BBPro Store Builder Affected Systems: current version Issue: Remote attackers can know the path of the site Author: G00db0y zone-h org Vendor:...
ZH2003-15SA (security advisory): IdealBB XSS Vulnerability
ZH2003-15SA security advisory: IdealBB XSS Vulnerability Published: 7 August 2003 Released: 7 August 2003 Name: IdealBB Affected Systems: 1.4.9 beta Issue: Remote attackers can inject XSS script Author: [email protected] Vendor: http://www.idealbb.com Description Zone-h Security Team has...
ZH2003-16SA (security advisory): C-Cart Shopping Cart Path Disclosure
ZH2003-16SA security advisory: C-Cart Shopping Cart Path Disclosure Published: 8 August 2003 Released: 8 August 2003 Name: C-Cart Affected Systems: 1.0 Issue: Remote attackers can know the path of the site Author: [email protected] Vendor: http://www.polyspaston.com Description Zone-h Security...
geeeekShop 1.4 - Information Disclosure
source: https://www.securityfocus.com/bid/8380/info geeeekShop is prone to multiple information disclosure vulnerabilities. Passing invalid data as URI parameters to geeeekShop scripts will cause an error message to be displayed, which contains installation path information. Additionally it has...
C-Cart 1.0 - Full Path Disclosure
source: https://www.securityfocus.com/bid/8368/info C-Cart is prone to a path disclosure vulnerability. Passing invalid data as a URI parameter to several C-Cart scripts will cause an error message to be displayed, which contains installation path information...
Microsoft IDS Server cross-site scripting
Cross-site scripting in error message...
CVE-2003-0456
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe...
ProductCart XSS Vulnerability
ProductCart XSS Vulnerability found by atomix. I came across the fact that in an area of ProductCart you are able to manipulate the error message, therefore allowing tags such as script and iframe to be used: http://www.website.com/ProductCart/pc/msg.asp?message=scriptalert document.cookie;/script...
CVE-2002-1454
MyWebServer 1.0.2 allows remote attackers to determine the absolute path of the web document root via a request for a directory that does not exist, which leaks the pathname in an error message...
Mailtraq 2.2 - Webmail Utility Full Path Disclosure
source: https://www.securityfocus.com/bid/7815/info A vulnerability has been reported for Mailtraq that may result in the disclosure of path information. The vulnerability exists due to insufficient sanitization of HTTP requests. Specifically, a...
Webchat 2.0 Module - Full Path Disclosure
source: https://www.securityfocus.com/bid/7774/info Webchat has been reported prone to a path disclosure weakness. Reportedly an attacker may make a malicious HTTP request for several Webchat PHP scripts to trigger the condition. Under some circumstances...
M-TECH P-Synch 6.2.5 - Full Path Disclosure
source: https://www.securityfocus.com/bid/7740/info Reportedly an attacker may make a malicious HTTP request for specific P-Synch executables passing an empty URI parameter to trigger the condition. Although unconfirmed, it is likely that the request will cause P-Synch to display an error message...
ShareMailPro POP3 Interface Error Message Account Enumeration
The remote ShareMail server issues a special error message when a user attempts to log in using a nonexistent POP account. An attacker may use this flaw to make a list of valid accounts by looking at the error messages it receives at authentication time. (C) Tenable Network Security, Inc...
BlackMoon FTP Login Error Message User Enumeration
The version of BlackMoon FTP running on the remote host issues a special error message when a user attempts to log in using a nonexistent account. An attacker may use this flaw to make a list of valid accounts, which can be used to mount further attacks. (C) Tenable Network Security, Inc. ref:...
CVE-2003-0343
BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an "Account does not exist" error message when an invalid username is entered, which makes it easier for remote attackers to conduct brute force attacks...
Inktomi Traffic-Server cross-site scripting
Cross-site scripting in proxy server error message...
cdrecord format string bug
Format string bug on error message printing...
CVE-2003-0190
OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...