3854 matches found
TOPO 1.41 - Full Path Disclosure
Source: https://www.securityfocus.com/bid/6768/info
It has been reported that TOPo may return information to users that is sensitive in nature. Under some circumstances, it is possible to produce an error message that reveals information about web directory...
Opera 7.0 - Error Message History Disclosure
Source: https://www.securityfocus.com/bid/6759/info
It has been reported that Opera fails to ensure that a remote site has proper authorization before executing some methods used to access error messages stored in the Opera console. This issue is furth...
iCal 3.7 remote DoS
Hi, iCal (http://www.brownbearsw.com) is a web-based calendar that can be used to show meetings, events, or other schedules. Calendars can be viewed, edited, and administered totally through the web. iCal is built for thin clients, so access calendar without any plug-ins or Java interpreters. I found...
CVE-2002-1700
Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message...
CVE-2002-1837
The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via ".." sequences in the album parameter, which generates different error messages depending on whether the directory exists or not...
CVE-2002-1822
IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the path to the web root directory and other sensitive information, which is leaked in an error message when a request is made for a non-existent Java Server Page (JSP)...
CVE-2002-2008
Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message...
CVE-2002-2045
xstatadmin.php in x-stat 2.3 and earlier allows remote attackers to (1) execute PHP commands such as phpinfo or (2) obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message...
CVE-2002-2288
Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message...
CVE-2002-1677
14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine the physical path to the web root directory via a request with an invalid cfg parameter, which generates an error message that reveals the path...
CVE-2002-2276
Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message...
CVE-2002-1728
askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine the full path to the web root directory via a request for a file that does not exist, which generates an error message that reveals the full path...
CVE-2002-2009
Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) /, (3) /, and (4) %20/, which leaks the pathname in an error message...
Macromedia ColdFusion cross-site scripting
Cross-site scripting in error message...
Buffer overflow in Cyrus Sieve
Buffer overflow on error message generation...
Microsoft IIS .idc cross-site scripting
On an oversized URL, the error message contains the URL without modification...
CVE-2002-0955
Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message...
CVE-2002-0892
The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an error message...
Apache Host: cross-site scripting
The 404 error message contains the unescaped Host: header of the HTTP request...
EmuMail 5.0 - Web Root Full Path Disclosure
Source: https://www.securityfocus.com/bid/5823/info
Emumail is an open source web mail application. It is available for the Unix, Linux, and Microsoft Windows operating systems. Under some conditions, Emumail may reveal sensitive configuration...