CVE-2006-1119

fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message...

FreeBSD : phpmyadmin -- information disclosure vulnerability (a7062952-9023-11d9-a22c-0001020eed82)

A phpMyAdmin security announcement reports : By calling some scripts that are part of phpMyAdmin in an unexpected way especially scripts in the libraries subdirectory, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmi...

CVE-2005-1963

Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive information via certain requests to 1 reports.php, 2 knowledgebase.php, or 3 configuration.php, which leaks the information in a PHP error message...

CVE-2005-1963

Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive information via certain requests to 1 reports.php, 2 knowledgebase.php, or 3 configuration.php, which leaks the information in a PHP error message...

CVE-2004-2009

NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full path of the server via 1 a direct call to mainfunctions.php, 2 an invalid jokeid parameter in a JokeView function or 3 an invalid cat parameter in a CatView function, which reveals the path in a PHP error message...

CVE-2004-1830

CVE-2004-1830 : The error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information by supplying invalid (language, newlang, or lang) parameters, which leaks the pathname in a PHP error message. This is a information-disclosure issue affecting the specified...

CVE-2004-1953

phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message...

CVE-2004-2019

The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message...

CVE-2004-1956

PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the 1 includes/blocks directory, 2 pnadodb directory, 3 NS-NewUser module, 4 NS-YourAccount, 5 NS-LostPassword module, or 6 NS-User module which reveals the path to the web server in a PHP error...

CVE-2004-2009

CVE-2004-2009 concerns NukeJokes versions 1.7 and 2 Beta. The vulnerability allows remote attackers to reveal the server’s full filesystem path through PHP error messages triggered by: (1) a direct request to mainfunctions.php, (2) an invalid jokeid parameter in JokeView, or (3) an invalid cat pa...

CVE-2005-0869

phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to 1 class.OpenBSD.inc.php, 2 class.NetBSD.inc.php, 3 class.FreeBSD.inc.php, 4 class.Darwin.inc.php, 5 XPath.class.php, 6 systemheader.php, or 7 systemfooter.php, which reveal the path in a PHP error messa...

CVE-2005-1137

Simple PHP Blog sphpBlog 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sbfunctions.php, which leaks the full pathname in a PHP error message...

CVE-2005-1235

auctionmyauctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message...

CVE-2005-0724

paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via 1 an invalid str parameter to pafiledb.php, or a direct request to 2 viewall.php, 3 stats.php, 4 search.php, 5 rate.php, 6 main.php, 7 license.php, 8 category.php, 9 download.php, 10 file.php, 11 email.php, or 12...

CVE-2005-0544

phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to 1 sqlvalidator.lib.php, 2 sqlparser.lib.php, 3 selecttheme.lib.php, 4 selectlang.lib.php, 5 relationcleanup.lib.php, 6 headermetastyle.inc.php, 7 getforeign.lib.php, 8 displaytbllinks.lib.php, 9...

CVE-2005-1033

CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid 1 language parameter to index.php, 2 PHPSESSID parameter to index.php, 3 product parameter to tellafriend.php, 4 add parameter to viewcart.php, or 5 product parameter to viewproduct.php, which reveals the path i...

CVE-2005-0459

phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to selectlang.lib.php, which reveals the path in a PHP error message...

CVE-2005-0880

content.php in Vortex Portal allows remote attackers to obtain sensitive information via an invalid act parameter, which leaks the full pathname in a PHP error message...

CVE-2005-1028

PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to 1 index.php with the forumadmin parameter set, 2 the Surveys module, or 3 the YourAccount module, which reveals the path in a PHP error message...

CVE-2001-1437

Technical details about CVE-2001-1437 are not publicly available in the provided documents; monitor for updates.