54 matches found
CVE-2016-3142
The pharparsezipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service out-of-bounds read and application crash by placing a PK\x05\x06 signature at an inval...
CVE-2013-3896
Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability."...
CVE-2013-3041
The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack."...
CVE-2011-3646
phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed jsframe parameter to phpmyadmin.css.php, which reveals the installation path in an error message...
CVE-2011-3821
xajax 0.6 beta1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xajaxcore/pluginlayer/xajaxScriptPlugin.inc.php and certain other files...
CVE-2011-3715
ClanTiger 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/statistics/statistics.php and certain other files...
CVE-2009-1311
Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODEFILEONLY save of the inner frame...
CVE-2008-3304
BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via 1 an enablecache=false query string to footer.php or 2 a direct request to pagination.php, which reveals the installation path in an error message...
CVE-2007-4089
Vikingboard 0.1.2 allows remote attackers to obtain sensitive information via the debug parameter to 1 forum.php, 2 cp.php, and possibly other unspecified components...
CVE-2007-0902
Unspecified vulnerability in the "Show debugging information" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2004-1577
index.php in PHP Links allows remote attackers to gain sensitive information via an invalid show parameter, which reveals the full path in an error message...
CVE-2004-1677
pdesk.cgi in PerlDesk allows remote attackers to gain sensitive information via an invalid lang parameter, which includes pathname information in an error message...
CVE-2004-0736
The search module in Php-Nuke allows remote attackers to gain sensitive information via the 1 "" or 2 "+" search patterns, which reveals the path in an error message...
CVE-2003-1168
HTTP Commander 4.0 allows remote attackers to obtain sensitive information via an HTTP request that contains a . dot in the file parameter, which reveals the installation path in an error message...