21 matches found
EUVD-2002-1510
Malware in sbrugna...
EUVD-2024-31585
Malicious code in bioql PyPI...
CVE-2020-7387
Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fixed in AdxAdmin...
Design/Logic Flaw
CVE-2010-1907
The CVE-2010-1907 entry concerns the SdcUser.TgConCtl ActiveX control in tgctlcm.dll used by Consona Live Assistance, Dynamic Agent, and Subscriber Assistance. The vulnerability allows remote attackers to discover the client user’s username and deduce a path to a user directory via GetUserName. I...
CVE-2009-4073
CVE-2009-4073 affects Microsoft Internet Explorer’s printing functionality when a local HTML page is printed to PDF. The issue exposes local filesystem information by allowing a PDF generated from a local page to include the dc:title element that can reveal the file path, and possibly the usernam...
CVE-2007-5463
CVE-2007-5463 affects ViArt Shop ViArt Shopping Cart, specifically the iDEAL payment module's payments/ideal_process.php, where a directory traversal in the filename parameter to createCertFingerprint could enable reading certificate and key file paths from the web root. The iss...
CVE-2002-2024
Horde IMP 2.2.7 is affected. The issue allows remote attackers to obtain the full web root pathname by requesting specific files (poppassd.php3, login.php3?reason=chpass2, spelling.php3, ldap.search.php3?ldap_serv=nonsense), with error messages leaking the information. Impact is information discl...
CVE-2002-2024
Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense, which leaks the information in error messages...
CVE-2005-1420
Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to determine the full pathname of the server via a request for an invalid page, as demonstrated using "%20" hex-encoded space...
CVE-2005-1420
CVE-2005-1420 affects Raysoft/Raybase Video Cam Server 1.0.0 beta. The vulnerability is an information disclosure where remote attackers can determine the full server pathname by requesting an invalid page using a hex-encoded space ("%20"). The provided documents do not specify exploit details be...
CVE-2003-0737
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime in TimeZone.php of the Pear library...
CVE-2002-0654
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script child process cannot be invoked...
CVE-2002-0407
htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of...
CVE-2002-0215
Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message...
PT-2001-2100 · Valicert · Valicert Enterprise Validation Authority
Name of the Vulnerable Software and Affected Versions: ValiCert Enterprise Validation Authority (EVA) versions 3.3 through 4.2.1. Description: The issue allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes...
CVE-2001-0452
BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD " command followed by an ls command...
CVE-2001-0254
FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real pathname of the server via the "pwd" command...
CVE-2001-0224
Muscat Empower CGI program allows remote attackers to obtain the absolute pathname of the server via an invalid request in the DB parameter...
CVE-2000-0176
The CVE-2000-0176 entry applies to Serv-U 2.5d and earlier, where the default configuration allows remote attackers to reveal the server’s real directory path by requesting a URL for a non-existent file/directory (path disclosure). Related connected sources also note potential additional issues i...