CVE-2005-1144

popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to obtain sensitive information via an invalid ev parameter, which reveals the full pathname of the web server in a PHP error message...

CVE-2005-1050

CVE-2005-1050 affects PostNuke 0.760-RC3 in the Reviews module’s modload op. The vulnerability allows remote attackers to disclose sensitive information by supplying an invalid id parameter, causing a PHP error message that reveals the path. The NVD entry rates impact as Partial Confidentiality w...

CVE-2005-1050

The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote attackers to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message...

CVE-2005-1144

popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to obtain sensitive information via an invalid ev parameter, which reveals the full pathname of the web server in a PHP error message...

CVE-2005-1033

CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid 1 language parameter to index.php, 2 PHPSESSID parameter to index.php, 3 product parameter to tellafriend.php, 4 add parameter to viewcart.php, or 5 product parameter to viewproduct.php, which reveals the path i...

CVE-2005-1028

PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to 1 index.php with the forumadmin parameter set, 2 the Surveys module, or 3 the YourAccount module, which reveals the path in a PHP error message...

CVE-2005-0880

CVE-2005-0880 affects the Vortex Portal’s content.php. An invalid act parameter allows remote attackers to obtain sensitive information by causing a PHP error message that leaks the full pathname. The CVSS data indicates attack vector: network; authentication: none; access: partial confidentialit...

CVE-2005-0869

phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to 1 class.OpenBSD.inc.php, 2 class.NetBSD.inc.php, 3 class.FreeBSD.inc.php, 4 class.Darwin.inc.php, 5 XPath.class.php, 6 systemheader.php, or 7 systemfooter.php, which reveal the path in a PHP error messa...

CVE-2005-0880

content.php in Vortex Portal allows remote attackers to obtain sensitive information via an invalid act parameter, which leaks the full pathname in a PHP error message...

CVE-2005-0827

Viewcat.php in 1 RUNCMS 1.1A, 2 Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops exoops, allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message...

CVE-2005-0722

eXPerience2 allows remote attackers to obtain the full path for the web root via a direct request to modules.php without any parameters, which leaks the path in a PHP error message...

CVE-2005-0722

eXPerience2 allows remote attackers to obtain the full path for the web root via a direct request to modules.php without any parameters, which leaks the path in a PHP error message...

CVE-2005-0655

The vulnerability CVE-2005-0655 affects auraCMS 1.5. An attacker can trigger an information disclosure by issuing an HTTP request with an invalid id parameter to one of three PHP endpoints (teman.php, hal.php, arsip.php), causing a PHP error message that reveals the file path. The NVD page report...

CVE-2005-0607

CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to 1 information.php, 2 language.php, 3 listdocs.php, 4 popularprod.php, 5 sale.php, 6 subfooter.inc.php, 7 subheader.inc.php, 8 catnavi.php, or 9 checksum.php, which...

CVE-2004-1736

CVE-2004-1736 affects Cacti 0.8.5a. The issue allows remote attackers to obtain the installation path via HTTP requests to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and potentially other PHP files, causing information disclosure of the installed framework. The root cause is e...

CVE-2005-0544

phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to 1 sqlvalidator.lib.php, 2 sqlparser.lib.php, 3 selecttheme.lib.php, 4 selectlang.lib.php, 5 relationcleanup.lib.php, 6 headermetastyle.inc.php, 7 getforeign.lib.php, 8 displaytbllinks.lib.php, 9...

CVE-2004-1662

YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message...

CVE-2005-0433

Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to 1 db.php, 2 mainfile.php, 3 Downloads/index.php, or 4 WebLinks/index.php, which lists the path in a PHP error message...

CVE-2005-0433

Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to 1 db.php, 2 mainfile.php, 3 Downloads/index.php, or 4 WebLinks/index.php, which lists the path in a PHP error message...

CVE-2004-1579

index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid catid parameter, which reveals the full path in a PHP error message...