1292 matches found
CVE-2002-0463
ARSC (Really Simple Chat) version 1.0.1 and earlier is affected by an information disclosure vulnerability. An invalid arsc_language value allows remote attackers to cause an error message that reveals the full pathname of the web server, exposing partial confidentiality. The CVE entry notes this...
CVE-2002-1545
CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain the absolute pathname of the FTP root via a PWD command, which includes the full path in the response...
CVE-2003-0153
CVE-2003-0153 affects the bonsai Mozilla CVS query tool. The vulnerability is an absolute path disclosure exposed in error messages generated by cvslog.cgi, cvsview2.cgi, and multidiff.cgi. Connected records confirm Debian advisory DSA-265-1 documents the issue and notes a missing update; OpenVAS...
CVE-2002-1527
emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message...
CVE-2002-1545
CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain the absolute pathname of the FTP root via a PWD command, which includes the full path in the response...
CVE-2002-1423
tmpview.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter...
CVE-2002-1423
The CVE-2002-1423 issue concerns FUDforum, where tmp_view.php before version 2.2.0 allows remote attackers to read arbitrary files through an absolute pathname supplied in the file parameter. The underlying vulnerability is a path traversal/unsafe file inclusion in the tmp_view.php handler, enabl...
CVE-2002-1525
CVE-2002-1525 concerns a directory traversal vulnerability in the ASTAware SearchDisk engine of Sun ONE Starter Kit 2.0. The flaw allows remote attackers to read arbitrary files via a .. (dot dot) path traversal on ports 6015 or 6016, or through an absolute pathname to port 6017. The available re...
HP-UX ftpd glob() Expansion STAT Buffer Overflow
The remote HPUX 11 FTP server is affected by a buffer overflow vulnerability. The overflow occurs when the STAT command is issued with an argument that expands into an oversized string after being processed by the 'glob' function. TRUSTED...
CVE-2002-2024
Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for 1 poppassd.php3, 2 login.php3?reason=chpass2, 3 spelling.php3, and 4 ldap.search.php3?ldapserv=nonsense which leaks the information in error messages...
CVE-2002-0918
CGIScript.net csPassword.cgi leaks sensitive information such as the pathname of the server in debug messages that are presented when the script fails, which allows remote attackers to obtain the information via a "remove" option in the command parameter, which generates an error...
CVE-2002-0921
CGIScript.net csNews.cgi allows remote attackers to obtain potentially sensitive information, such as the full server pathname and other configuration settings, via the viewnews command with an invalid database, which leaks the information in error messages...
CVE-2002-0654
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via 1 a request for a .var file, which leaks the pathname in the resulting error message, or 2 via an error message that occurs when a script child process cannot be invoked...
CVE-2002-0654
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via 1 a request for a .var file, which leaks the pathname in the resulting error message, or 2 via an error message that occurs when a script child process cannot be invoked...
CVE-2002-0921
CGIScript.net csNews.cgi allows remote attackers to obtain potentially sensitive information, such as the full server pathname and other configuration settings, via the viewnews command with an invalid database, which leaks the information in error messages...
EUVD-2002-0909
CGIScript.net csPassword.cgi leaks sensitive information such as the pathname of the server in debug messages that are presented when the script fails, which allows remote attackers to obtain the information via a "remove" option in the command parameter, which generates an error...
CVE-2002-1034
CVE-2002-1034 affects SunPS iRunbook 2.5.2. The vulnerability is triggered through none.php by supplying an absolute pathname as an argument, enabling remote attackers to read arbitrary files and potentially compromise confidentiality (and integrity per CVSS). The available connected documents pr...
CVE-2002-0918
CGIScript.net csPassword.cgi leaks sensitive information such as the pathname of the server in debug messages that are presented when the script fails, which allows remote attackers to obtain the information via a "remove" option in the command parameter, which generates an error...
CVE-2002-0979
The Java logging feature for the Java Virtual Machine in Internet Explorer writes output from functions such as System.out.println to a known pathname, which can be used to execute arbitrary code...
CVE-2002-0654
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via 1 a request for a .var file, which leaks the pathname in the resulting error message, or 2 via an error message that occurs when a script child process cannot be invoked...