2595 matches found
CVE-2011-3797
ProjectPier 0.8.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files...
CVE-2011-3811
TomatoCart 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/system/offline.php and certain other files...
CVE-2011-3763
OpenCart 1.4.9.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/startup.php and certain other files...
CVE-2011-3800
Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files...
CVE-2011-3781
CVE-2011-3781 affects PHPIDS 0.6.5, where remote attackers can disclose sensitive information by requesting a PHP file directly, causing an error message that reveals the installation path. The vulnerability is categorized as Information Disclosure (CVSS v2 base score 5.0, Medium). Multiple sourc...
CVE-2011-3795
CVE-2011-3795 affects Podcast Generator 1.3. Remote attackers can obtain sensitive information by directly requesting a PHP file, which leaks the installation path via an error message (as shown in core/themes.php and related files). Public sources (NVD, Red Hat advisories) describe this as an in...
CVE-2011-3822
CVE-2011-3822 affects XOOPS 2.5.0. The vulnerability is an information disclosure where a direct request to a .php file (e.g., modules/system/xoops_version.php) can reveal the installation path in an error message. The issue is documented across multiple sources (NVD, Red Hat, OpenVAS, etc.) with...
CVE-2011-3801
SimpleTest 1.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test/visualtest.php and certain other files...
CVE-2011-3824
The CVE-2011-3824 issue affects Your Own URL Shortener (YOURLS) 1.5, where a direct request to a PHP file can disclose installation path information via an error message (e.g., includes/auth.php and similar files). Root cause: error disclosure leaking path details through PHP error handling. Impa...
CVE-2011-3806
TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tcepagefooter.php and certain other files...
CVE-2011-3803
CVE-2011-3803 affects SugarCRM 6.1.0. Remote attackers can read sensitive information by directly requesting certain PHP files (e.g., themes/Sugar5/layout_utils.php), triggering error messages that reveal the installation path. Root cause is information disclosure via error output when accessing ...
CVE-2011-3754
Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files...
CVE-2011-3752
LimeSurvey 1.90+ build9642-20101214 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/statistics.php and certain other files...
CVE-2011-3758
::mound:: 2.1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/smarty/libs/sysplugins/smartyinternaltemplate.php and certain other files...
CVE-2011-3753
LinPHA 1.3.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewer.php and certain other files...
CVE-2011-3730
Drupal 7.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/simpletest/tests/upgrade/drupal-6.upload.database.php and certain other files...
CVE-2011-3732
eggBlog 4.1.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/fckeditor/editor/dialog/fckspellerpages/spellerpages/server-scripts/spellchecker.php and certain other files...
CVE-2011-3747
Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php...
CVE-2011-3746
Jcow 4.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/page.tpl.php and certain other files...
CVE-2011-3740
FrontAccounting 2.3.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by reporting/includes/fpdi/fpdi2tcpdfbridge.php and certain other files...