15 matches found
EUVD-2002-1510
Malware in sbrugna...
EUVD-2024-31585
Malicious code in bioql PyPI...
CVE-2010-1907
The CVE-2010-1907 entry concerns the SdcUser.TgConCtl ActiveX control in tgctlcm.dll used by Consona Live Assistance, Dynamic Agent, and Subscriber Assistance. The vulnerability allows remote attackers to discover the client user’s username and deduce a path to a user directory via GetUserName. I...
CVE-2007-5463
Concrete details: CVE-2007-5463 affects ViArt Shop ViArt Shopping Cart, specifically the iDEAL payment module's payments/ideal_process.php, where a directory traversal in the filename parameter to createCertFingerprint could enable reading certificate and key file paths from the web root. The iss...
CVE-2002-2024
Horde IMP 2.2.7 is affected. The issue allows remote attackers to obtain the full web root pathname by requesting specific files (poppassd.php3, login.php3?reason=chpass2, spelling.php3, ldap.search.php3?ldap_serv=nonsense), with error messages leaking the information. Impact is information discl...
CVE-2002-2024
Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense, which leaks the information in error messages...
CVE-2005-1420
CVE-2005-1420 affects Raysoft/Raybase Video Cam Server 1.0.0 beta. The vulnerability is an information disclosure where remote attackers can determine the full server pathname by requesting an invalid page using a hex-encoded space ("%20"). The provided documents do not specify exploit details be...
CVE-2005-1420
Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to determine the full pathname of the server via a request for an invalid page, as demonstrated using "%20" hex-encoded space...
CVE-2002-0654
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script child process cannot be invoked...
CVE-2002-0407
htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of...
CVE-2002-0215
Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message...
PT-2001-2100 · Valicert · Valicert Enterprise Validation Authority
Name of the Vulnerable Software and Affected Versions: ValiCert Enterprise Validation Authority (EVA) versions 3.3 through 4.2.1. Description: The issue allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes...
CVE-2001-0452
BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD " command followed by an ls command...
CVE-2000-0176
The CVE-2000-0176 entry applies to Serv-U 2.5d and earlier, where the default configuration allows remote attackers to reveal the server’s real directory path by requesting a URL for a non-existent file/directory (path disclosure). Related connected sources also note potential additional issues i...
CVE-2000-0066
WebSite Pro is affected by CVE-2000-0066: remote attackers can reveal the real pathname of web directories through a malformed URL request, causing information disclosure (partial confidentiality impact). The vulnerability is documented in multiple sources (NVD/CVE listings and a Nessus plugin). ...