242 matches found
CVE-2005-0722
eXPerience2 allows remote attackers to obtain the full path for the web root via a direct request to modules.php without any parameters, which leaks the path in a PHP error message...
CVE-2005-0459
phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to selectlang.lib.php, which reveals the path in a PHP error message...
Captaris Infinite Mobile Delivery Webmail 2.6 - Full Path Disclosure
source: https://www.securityfocus.com/bid/12399/info Infinite Mobile Delivery Webmail is reportedly affected by a path disclosure vulnerability. This issue could permit a malicious user to expose the root path of the affected application. http://www-webmailusersite-com/username/Folder:?...
CVE-2003-1089
index.php for Zorum 3.4 allows remote attackers to determine the full path of the web root via invalid parameter names, which reveals the path in a PHP error message...
New vulnerabilities.
The LwB Team network security team has found the following vulnerabilities: 1. Arbitrary PHP code in Flipper Poll v1.1 URL: http://php.pogoworld.co.uk FILE: poll.php The actual location of the script config.php, supplied in the rootpath parameter, is not verified. Exploit:...
CVE-2002-0892
The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an error message...
Stronghold swish Search Script Information Disclosure
An information disclosure vulnerability was reported in a sample script provided with Red Hat's Stronghold web server. A remote user can determine the web root directory path. A remote user can send a request to the Stronghold sample script swish to cause the script to reveal the full path to the...
CVE-2002-2009
Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message...
CVE-2002-2247
The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function...
CVE-2002-1677
14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine the physical path to the web root directory via a request with an invalid cfg parameter, which generates an error message that reveals the path...
CVE-2002-1728
askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine the full path to the web root directory via a request for a file that does not exist, which generates an error message that reveals the full path...
CVE-2002-2090
Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp...
CVE-2002-2158
zenTrack 2.0.3 and earlier allows remote attackers to obtain the full path to the web root via an invalid ticket ID, which leaks the path in an error message...
CVE-2002-0266
Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname...
[ARL02-A11] Big Sam (Built-In Guestbook Stand-Alone Module) Multiple Vulnerabilities
ALPER Research Labs Security Advisory. ID: ARL02-A11. Advisory Information: Name: Big Sam Built-In Guestbook...
CVE-2001-0934
Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the physical path of the server root via the pwd command, which lists the full pathname...
VulnCheck KEV: CVE-2000-0071
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions...
CVE-1999-0690
HP CDE program includes the current directory in root's PATH variable...