21 matches found
EUVD-2025-9726
Malicious code in bioql PyPI...
CVE-2021-25118
The Yoast SEO WordPress plugin from versions 16.7 until 17.2 discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities...
ROS-20250417-01
A vulnerability in the Nextcloud calendar cloud software application for creating and utilizing the Nextcloud Nextcloud data warehouse is related to disclosure of internal website paths when the SMTP server is unavailable. Exploitation of the vulnerability could allow an attacker acting remotely ...
CVE-2025-0278
HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests...
CVE-2025-0278 An internal path disclosure vulnerability affects HCL Traveler
HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests...
CVE-2025-0278
CVE-2025-0278 affects HCL Traveler, a Windows application. The issue is an internal path disclosure where internal file paths may be revealed in error messages, debug logs, or responses to user requests. The CVE entry cites a MEDIUM severity (CVSS v3.1: 4.3, AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) w...
CVE-2025-0278 An internal path disclosure vulnerability affects HCL Traveler
HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests...
CVE-2023-5515
The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against web servers and deployed web applications...
CVE-2023-5515
Hitachi Energy eSOMS vulnerability CVE-2023-5515: exposure of internal resource paths via certain web query parameters. Affected product: eSOMS v6.3.13 and prior. Root cause: web responses reveal internal application structure, enabling information disclosure (CWE-497). Impact: potential disclosu...
CVE-2023-33183 Error in calendar when booking an appointment reveals the full path of the website
Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3...
SQL Database Error could lead to SQL Injection with internal Path Disclosure
Hello, Through manipulating Parameter i get an SQL Error which can lead to SQL Injection. Plus that there is an internal Path Disclosure. Best regards Ahmed Hassan...
Nextcloud: Exposed Log File Lead to Full Internal path disclosure at [https://nextcloud.com/wp-content/debug.log]
Hi team , i found wp-content/debug.log endpoint public accessible That lead to full path disclosure Steps : Open : https://nextcloud.com/wp-content/debug.log You can See Internal paths disclosed and date is : 02-Nov-2022 02-Nov-2022 08:50:36 UTC PHP Fatal error: Uncaught Error: Call to undefined...
CVE-2022-26070 Error message discloses internal path
When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0...
Mail.ru: internal path disclosure via error message
Internal path in error message at activate.games.mail.ru...
CS Money: Internal Path Disclosure
Hello Team, I would like to report internal path disclosure in response. I was trying for Stored XSS but got no luck in that process. I observed the responses, one of the responses showing file path with 500 Internal Server Error. Steps To Reproduce: 1. Go to cs.money and sign in through steam...
CVE-2020-5880
Om BIG-IP 15.0.0-15.0.1.3 and 14.1.0-14.1.2.3, the restjavad process may expose a way for attackers to upload arbitrary files on the BIG-IP system, bypassing the authorization system. Resulting error messages may also reveal internal paths of the server...
SAP Crystal Reports - Information Disclosure
SAP Crystal Reports - Information Disclosure Exploit Title: Sensitive Information Disclosure in SAP Crystal Reports Date: 2019-04-10 Exploit Author: Mohamed M.Fouad - From SecureMisr Company Vendor Homepage: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114 Version: SAP Crystal...
International Islamic University Chittagong: Improper error handler
during the analysis it was found that when we submit the form and try to upload a txt file then it show a error page with internal path disclosure...
BMC Remedy LFI / RFI / XSS / Code Execution Vulnerabilities
BMC Remedy suffers from log hijacking, code execution, cross site scripting, local/remote file inclusion, and various other vulnerabilities. Document Title ============== Multiple vulnerabilities in BMC Remedy Reported By =========== Simon Rawet from Outpost24 Kristian Varnai from Outpost24 Vendo...
eFront LMS 3.6.14 File Upload / Path Disclosure
============================================================= \ \ / / | | / \ / | | \ \ V / | | | | | | | | | / \ | ' \ | | | | | | | | | | | | '| | / / . \ | | | | | | || | | | | | | | | | // \ | ./ || / || || |/ || | | || blackpentesters.blogspot.com...