CVE-2005-1963

Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive information via certain requests to 1 reports.php, 2 knowledgebase.php, or 3 configuration.php, which leaks the information in a PHP error message...

CVE-2004-2039

e107 0.615 allows remote attackers to obtain sensitive information via a direct request to 1 altnews.php, 2 backendmenu.php, 3 clockmenu.php, 4 countermenu.php, 5 loginmenu.php, and other files, which reveal the full path in a PHP error message...

CVE-2004-1830

CVE-2004-1830 : The error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information by supplying invalid (language, newlang, or lang) parameters, which leaks the pathname in a PHP error message. This is a information-disclosure issue affecting the specified...

CVE-2004-2009

NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full path of the server via 1 a direct call to mainfunctions.php, 2 an invalid jokeid parameter in a JokeView function or 3 an invalid cat parameter in a CatView function, which reveals the path in a PHP error message...

CVE-2004-1953

phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message...

CVE-2004-2039

CVE-2004-2039 affects e107 0.615. Remote attackers could trigger direct requests to specific PHP files (alt_news.php, backend_menu.php, clock_menu.php, counter_menu.php, login_menu.php, etc.) and cause PHP error messages that disclose the full server path, enabling information disclosure. The ava...

CVE-2004-2019

The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message...

CVE-2004-1956

PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the 1 includes/blocks directory, 2 pnadodb directory, 3 NS-NewUser module, 4 NS-YourAccount, 5 NS-LostPassword module, or 6 NS-User module which reveals the path to the web server in a PHP error...

CVE-2004-2009

CVE-2004-2009 concerns NukeJokes versions 1.7 and 2 Beta. The vulnerability allows remote attackers to reveal the server’s full filesystem path through PHP error messages triggered by: (1) a direct request to mainfunctions.php, (2) an invalid jokeid parameter in JokeView, or (3) an invalid cat pa...

CVE-2005-0998

The WebLinks module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server...

CVE-2005-0869

phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to 1 class.OpenBSD.inc.php, 2 class.NetBSD.inc.php, 3 class.FreeBSD.inc.php, 4 class.Darwin.inc.php, 5 XPath.class.php, 6 systemheader.php, or 7 systemfooter.php, which reveal the path in a PHP error messa...

CVE-2005-1137

Simple PHP Blog sphpBlog 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sbfunctions.php, which leaks the full pathname in a PHP error message...

CVE-2005-0724

paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via 1 an invalid str parameter to pafiledb.php, or a direct request to 2 viewall.php, 3 stats.php, 4 search.php, 5 rate.php, 6 main.php, 7 license.php, 8 category.php, 9 download.php, 10 file.php, 11 email.php, or 12...

CVE-2005-1235

auctionmyauctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message...

CVE-2005-0869

phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to 1 class.OpenBSD.inc.php, 2 class.NetBSD.inc.php, 3 class.FreeBSD.inc.php, 4 class.Darwin.inc.php, 5 XPath.class.php, 6 systemheader.php, or 7 systemfooter.php, which reveal the path in a PHP error messa...

CVE-2005-0855

CoolForum 0.8.1 beta and earlier allows remote attackers to obtain sensitive path information via direct requests to 1 entete.php, 2 profileaccueil.php, 3 profilemdp.php, 4 profilenotify.php, 5 profileoptions.php, 6 profileperso.php, 7 profilepm.php, or 8 readannonce.php, which leaks the full...

CVE-2005-1033

CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid 1 language parameter to index.php, 2 PHPSESSID parameter to index.php, 3 product parameter to tellafriend.php, 4 add parameter to viewcart.php, or 5 product parameter to viewproduct.php, which reveals the path i...

CVE-2005-0544

phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to 1 sqlvalidator.lib.php, 2 sqlparser.lib.php, 3 selecttheme.lib.php, 4 selectlang.lib.php, 5 relationcleanup.lib.php, 6 headermetastyle.inc.php, 7 getforeign.lib.php, 8 displaytbllinks.lib.php, 9...

CVE-2005-0880

content.php in Vortex Portal allows remote attackers to obtain sensitive information via an invalid act parameter, which leaks the full pathname in a PHP error message...

CVE-2005-1028

PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to 1 index.php with the forumadmin parameter set, 2 the Surveys module, or 3 the YourAccount module, which reveals the path in a PHP error message...