3854 matches found
Macromedia ColdFusion MX 6.0 - Error Message Full Path Disclosure
source: https://www.securityfocus.com/bid/7443/info A vulnerability has been reported for Macromedia ColdFusion MX that may reveal the physical path information to attackers. When certain malformed URL requests are received by the server, an error message is returned containing the full path of t...
12Planet Chat Server 2.5 - Error Message Installation Full Path Disclosure
source: https://www.securityfocus.com/bid/7355/info When certain malformed URL requests are sent to a 12Planet Chat Server, the server's installation path may be revealed in the returned error message. This information cou...
Vignette StoryServer 4.1 - Sensitive Stack Memory Information Disclosure
source: https://www.securityfocus.com/bid/7296/info It has been reported that Vignette StoryServer, under some circumstances, may reveal stack memory content. If a specially crafted request is made for a page that accepts user-supplied data, an error state may be triggered. If the attack is...
CVE-2002-0810
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails...
CVE-2002-0892
The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an error message...
CVE-2002-0463
ARSC (Really Simple Chat) version 1.0.1 and earlier is affected by an information disclosure vulnerability. An invalid arsc_language value allows remote attackers to cause an error message that reveals the full pathname of the web server, exposing partial confidentiality. The CVE entry notes this...
CVE-2002-0733
CVE-2002-0733 is a cross-site scripting vulnerability in thttpd 2.20 and earlier. The issue arises when a crafted URL to a nonexistent page is inserted into a 404 error page, enabling remote attackers to execute arbitrary script in the context of the user viewing the error page. The connected dat...
CVE-2002-1453
Vulnerability: CVE-2002-1453 affects MyWebServer 1.0.2. Issue: Cross-site scripting (XSS) where a long request allows remote attackers to inject script/HTML, which is echoed back to the user in an error message. Impact (as described): Script execution in the context of the user’s browser via the ...
CVE-2002-1453
Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows remote attackers to insert script and HTML via a long request followed by the malicious script, which is echoed back to the user in an error message...
CVE-2002-1527
emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message...
QPopper timing attack
Different timing intervals are used for error messages in case of wrong username and wrong password...
eject 2.0.10 vulnerability
Application: eject Version: 2.0.10 Platforms: Linux Distribution: SuSE 7.3, most likely other versions of SuSE Linux as well also all distributions that make eject SUID root Bugs: verbose error messages reveal location of files/directories Risk: low Author: nordi e-mail: [email protected] 1...
Sage 1.0 Beta 3 - Content Management System Full Path Disclosure
source: https://www.securityfocus.com/bid/6893/info Sage Content Management System contains a path disclosure vulnerability. When a request is made for a module that does not exist, the returned error message contains the full path to the Sage installation directory. Disclosed path information...
Oracle 9iAS Nonexistent .jsp File Request Error Message Path Disclosure
Oracle 9iAS allows remote attackers to obtain the physical path of a file under the server root via a request for a nonexistent .JSP file. The default error generated leaks the pathname in an error message. This script was written by Javier Fernandez-Sanguino. This software is...
Sniffing Opera's Tracks (GM#006-OP)
GreyMagic Security Advisory GM006-OP ===================================== By GreyMagic Software, Israel. 04 Feb 2003. Available in HTML format at http://security.greymagic.com/adv/gm006-op/. Topic: Sniffing Opera's Tracks. Discovery date: 29 Jan 2003. Affected applications: =====================...
Opera 7.0 - Error Message History Disclosure
source: https://www.securityfocus.com/bid/6759/info It has been reported that Opera fails to ensure that a remote site has proper authorization before executing some methods used to access error messages stored in the Opera console. This issue is further exacerbated by the fact that error message...
TOPO 1.41 - Full Path Disclosure
source: https://www.securityfocus.com/bid/6768/info It has been reported that TOPo may return information to users that is sensitive in nature. Under some circumstances, it is possible to produce an error message that reveals information about web directory structure. This could result in more...