3854 matches found
CVE-2002-0483
CVE-2002-0483 affects PHP-Nuke versions 5.4 and earlier, where requesting index.php with the file parameter set to index.php can trigger an error message that leaks the web server’s physical pathname. This is a remote vulnerability that primarily exposes confidential information (the server path)...
CVE-2002-0524
The CVE-2002-0524 entry affects ASP-Nuke RC2 and earlier. The vulnerability arises from error messages that disclose the server’s absolute path when attackers trigger two conditions: (1) calling database-inc.asp with incorrect cookies, or (2) calling Post.asp with certain arguments. This results...
CVE-2002-0407
htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of...
CVE-2002-0446
categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows remote attackers to determine the absolute path of the web server via an invalid category ID (cid) parameter, which leaks the pathname in an error message...
CVE-2002-0282
DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to adduser.php, or via an invalid newlanguage parameter in (2) contents.php, (3) categories.php, or (4) files.php, which leaks the path in an error message...
CGIScript.net - 'csPassword.cgi' 1.0 Information Disclosure
source: https://www.securityfocus.com/bid/4887/info CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick. A vulnerability has been reported in the csPassword.cgi script developed by CGIScript.net that discloses potentially sensitive information ...
CGIScript.net - csPassword.cgi 1.0 Information Disclosure
CGIScript.net - csPassword.cgi 1.0 Information Disclosure source: https://www.securityfocus.com/bid/4887/info CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick. A vulnerability has been reported in the csPassword.cgi script developed by...
CVE-2002-0245
Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks th...
CVE-2002-0249
PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message...
Multiple bugs in hostingcontroller
Different error messages for a wrong user name and a wrong password make it possible to check account existence. Directory traversal allows access to files outside the web root...
askSam 4.0 Web Publisher - Cross-Site Scripting
source: https://www.securityfocus.com/bid/4670/info askSam is a database system. An optional component, askSam Web Publisher versions 1 and 4, is reportedly vulnerable to a cross-site scripting vulnerability in the asweb.exe or asweb4.exe component. This is due to a failure to strip script and HTML...
askSam 4.0 Web Publisher - Cross-Site Scripting
askSam 4.0 Web Publisher - Cross-Site Scripting source: https://www.securityfocus.com/bid/4670/info askSam is a database system. An optional component, askSam Web Publisher versions 1 and 4, is reportedly vulnerable to a cross-site scripting vulnerability in the asweb.exe or asweb4.exe component...
CVE-2002-0253
PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and...
CVE-2002-0266
Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname...
CVE-2002-0240
CVE-2002-0240 affects PHP when deployed with Apache and configured to serve index.php by default. The vulnerability allows remote attackers to learn the server’s full pathname via the HTTP OPTIONS method, a partial confidentiality impact (PARTIAL) without impact to integrity/availability,...
KPMG-2002013: Coldfusion Path Disclosure
Title: Coldfusion Path Disclosure. BUG-ID: 2002013. Released: 18th Apr 2002. Problem: Requests for certain DOS-devices are parsed by the isapi filter tha...
Physical path leakage in ColdFusion
Error message on access attempt to DOS device contains physical path...
PHP-Nuke 5.x - Error Message Web Root Disclosure
PHP-Nuke 5.x - Error Message Web Root Disclosure source: https://www.securityfocus.com/bid/4333/info PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site. A vulnerability has been reported in some versions of PHP-Nuke. Reportedly, a...