178 matches found
EUVD-2004-2001
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2011-3727
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an erro...
CVE-2011-3801
SimpleTest 1.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test/visualtest.php and certain other files...
CVE-2011-3797
ProjectPier 0.8.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files...
CVE-2011-3728
Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files...
CVE-2011-3809
TheHostingTool THT 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/pear/Mail/smtp.php and certain other files...
CVE-2005-4172
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which leaks the full pathname in the resulting PHP error message...
CVE-2025-24785
iTop is a web-based IT Service Management tool. In version 3.2.0, an attacker may send a URL to the server to trigger a PHP error. The next user trying to load this dashboard would encounter a crashed start page. Version 3.2.1 fixes the issue by checking the provided layoutclass before saving th...
CVE-2025-24785
CVE-2025-24785 concerns the iTop web-based IT Service Management tool. Affected version: 3.2.0, where an attacker could trigger a PHP error by sending a crafted URL, causing the next user’s dashboard start page to crash. The issue is addressed in version 3.2.1, which fixes the vulnerability by va...
CVE-2025-24785 iTop dashboard vulnerable to denial of service
iTop is a web-based IT Service Management tool. In version 3.2.0, an attacker may send a URL to the server to trigger a PHP error. The next user trying to load this dashboard would encounter a crashed start page. Version 3.2.1 fixes the issue by checking the provided layoutclass before saving th...
iTop input validation error vulnerability
iTop is a simple, web-based IT service management tool from Combodo open source. An input validation error vulnerability exists in iTop version 3.2.0, which stems from the possibility that an attacker could send a URL resulting in a PHP error...
PT-2025-21173 · Itop · Itop
Name of the Vulnerable Software and Affected Versions: iTop version 3.2.0 Description: The issue allows an attacker to send a URL to the server, triggering a PHP error. This error causes the start page to crash for the next user attempting to load the dashboard. Recommendations: For version 3.2.0...
Linux Distros Unpatched Vulnerability : CVE-2018-10547
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in ext/phar/pharobject.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS ...
GHSA-RMMF-5XHH-GG27 phpMyAdmin path disclosure
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...
OMGF < 4.5.4 - Unauthenticated Path Traversal in REST API
The plugin does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite an arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on the Google Fonts website. Access the URL below as unauthenticated...
phpMyAdmin 4.0.x < 4.0.10.18 / 4.4.x < 4.4.15.9 / 4.6.x < 4.6.5 Multiple Vulnerabilities
According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.18, 4.4.x prior to 4.4.15.9, or 4.6.x prior to 4.6.5. It is, therefore, affected by multiple vulnerabilities. - An issue was discovered in phpMyAdmin. When the user does not...
PHP error_log File Detected
An information disclosure vulnerability exists in the remote web server due to the disclosure of the error_log file. An unauthenticated, remote attacker can exploit this, via a simple GET request, to disclose potentially sensitive information. No source data...