4 matches found
EUVD-2019-0430
Malware in sbrugna...
Nextcloud: Error in Booking an appointment reveals the full path of the website
A vulnerability in Nextcloud allowed users to reveal internal paths of the website when booking an appointment with SMTP configuration. An attacker could exploit this vulnerability to gain sensitive information about the website's internal structure...
CVE-2013-4301
includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to obtain sensitive information via a "" open angle bracket character in the lang parameter to w/load.php, which reveals the installation pat...
CVE-2004-1385
phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via 1 unexpected characters in the session ID such as shell metacharacters, 2 an invalid appname parameter to preferences.php or 3 an invalid menuaction parameter to index.php, which reveals the web server...