TYPO3 CMS exposes sensitive information in an error message

Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations...

CVE-2020-11594

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown providing the full file path...

CVE-2023-27469

Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of service via an ALPC message in which FullFileNamePath lacks a '\0' character...

WordPress < 3.5.2 Multiple Vulnerabilities

According to its version number, the WordPress install hosted on the remote web server is affected by multiple vulnerabilities : - The application contains a denial of service attack, affecting sites using password-protected posts. CVE-2013-2173 - The application is affected by a server-side...

CVE-2006-3532

PHP file inclusion vulnerability in includes/editnew.php in Pivot 1.30 RC2 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a FTP URL or full file path in the Pathsextensionspath parameter...