EUVD-2005-1053

Malware in sbrugna...

EUVD-2011-3678

Malware in sbrugna...

EUVD-2011-3723

Malware in sbrugna...

EUVD-2005-1031

Malware in sbrugna...

EUVD-2004-2031

Malware in sbrugna...

EUVD-2005-0725

Malware in sbrugna...

EUVD-2004-1976

Malware in sbrugna...

CVE-2011-3728

Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files...

HackerOne: Verbose PHP error messages exposed on a blog article

Hey guys! For what its worth, warning messages aren't suppressed on the /blog/ endpoint, giving verbose PHP error messages when visiting a blog article such as https://www.hackerone.com/blog/H1-702-2018-makes-history-over-500K-bounties-paid. F374066 Impact Not much impact, just disclosures of pat...

CVE-2005-0869

phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to 1 class.OpenBSD.inc.php, 2 class.NetBSD.inc.php, 3 class.FreeBSD.inc.php, 4 class.Darwin.inc.php, 5 XPath.class.php, 6 systemheader.php, or 7 systemfooter.php, which reveal the path in a PHP error messa...

CVE-2005-0544

phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to 1 sqlvalidator.lib.php, 2 sqlparser.lib.php, 3 selecttheme.lib.php, 4 selectlang.lib.php, 5 relationcleanup.lib.php, 6 headermetastyle.inc.php, 7 getforeign.lib.php, 8 displaytbllinks.lib.php, 9...

CVE-2005-0655

auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to 1 teman.php, 2 hal.php, or 3 arsip.php, which reveals the path in a PHP error message...

CVE-2004-1736

Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to 1 auth.php, 2 authlogin.php, 3 authchangepassword.php, and possibly other php files, which reveal the installation path in a PHP error message...

CVE-2004-1581

BlackBoard 1.5.1 allows remote attackers to gain sensitive information via a direct request to 1 checkdb.inc.php, 2 admin.inc.php or 3 cp.inc.php, which reveals the path in a PHP error message...

CVE-2004-1736

Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to 1 auth.php, 2 authlogin.php, 3 authchangepassword.php, and possibly other php files, which reveal the installation path in a PHP error message...

CVE-2004-2009

NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full path of the server via 1 a direct call to mainfunctions.php, 2 an invalid jokeid parameter in a JokeView function or 3 an invalid cat parameter in a CatView function, which reveals the path in a PHP error message...

CVE-2004-1984

Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to 1 phpinfo.php, 2 addpic.php, 3 config.php, 4 dbinput.php, 5 displayecard.php, 6 ecard.php, 7 crop.inc.php, which reveal the full path in a PHP error message...

[waraxe-2004-SA#024 - XSS and full path disclosure in Network Query Tool 1.6]

================================================================================ waraxe-2004-SA024 ================================================================================ XSS and full path disclosure in Network Query Tool 1.6...

CVE-2004-1956

PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the 1 includes/blocks directory, 2 pnadodb directory, 3 NS-NewUser module, 4 NS-YourAccount, 5 NS-LostPassword module, or 6 NS-User module which reveals the path to the web server in a PHP error...

CVE-2001-1437

easyScripts easyNews 1.5 allows remote attackers to obtain the full path of the web root via a view request with a non-integer news message id field, which leaks the path in a PHP error message when the script times out...