Lucene search
K

242 matches found

NVD
NVD
added 2005/03/07 5:0 a.m.12 views

CVE-2005-0722

eXPerience2 allows remote attackers to obtain the full path for the web root via a direct request to modules.php without any parameters, which leaks the path in a PHP error message...

5CVSS6.7AI score0.01194EPSS
Exploits0References1
Cvelist
Cvelist
added 2005/02/17 5:0 a.m.21 views

CVE-2005-0459

phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to selectlang.lib.php, which reveals the path in a PHP error message...

6.8AI score0.01386EPSS
Exploits1References1
Exploit DB
Exploit DB
added 2005/01/29 12:0 a.m.21 views

Captaris Infinite Mobile Delivery Webmail 2.6 - Full Path Disclosure

source: https://www.securityfocus.com/bid/12399/info Infinite Mobile Delivery Webmail is reportedly affected by a path disclosure vulnerability. This issue could permit a malicious user to expose the root path of the affected application. http://www-webmailusersite-com/username/Folder:?...

7.4AI score
Exploits0
NVD
NVD
added 2003/12/31 5:0 a.m.15 views

CVE-2003-1089

index.php for Zorum 3.4 allows remote attackers to determine the full path of the web root via invalid parameter names, which reveals the path in a PHP error message...

5CVSS6.8AI score0.0287EPSS
Exploits1References4
securityvulns
securityvulns
added 2003/11/10 12:0 a.m.29 views

Новые уязвимости.

Командой сетевой безопасности LwB Team найдены следующие уязвимости: 1.Произвольный PHP код в Flipper Poll v1.1 URL: http://php.pogoworld.co.uk FILE: poll.php Не проверяется фактическое расположение сценария: config.php , представленного в параметре rootpath . Exploit:...

Exploits0
Cvelist
Cvelist
added 2003/04/02 5:0 a.m.19 views

CVE-2002-0892

The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an error message...

6.6AI score0.07556EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2003/02/12 12:0 a.m.27 views

Stronghold swish Search Script Information Disclosure

An information disclosure vulnerability was reported in a sample script provided with Red Hat's Stronghold web server. A remote user can determine the web root directory path. A remote user can send a request to the Stronghold sample script swish to cause the script to reveal the full path to the...

5.6AI score
Exploits0
NVD
NVD
added 2002/12/31 5:0 a.m.21 views

CVE-2002-2009

Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by 1 +/, 2 /, 3 /, and 4 %20/, which leaks the pathname in an error message...

5CVSS6.7AI score0.07314EPSS
Exploits1References8
NVD
NVD
added 2002/12/31 5:0 a.m.14 views

CVE-2002-2247

The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function...

5CVSS6.2AI score0.02569EPSS
Exploits1References3
NVD
NVD
added 2002/12/31 5:0 a.m.13 views

CVE-2002-1677

14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine the physical path to the web root directory via a request with an invalid cfg parameter, which generates an error message that reveals the path...

5CVSS6.4AI score0.01548EPSS
Exploits1References4
NVD
NVD
added 2002/12/31 5:0 a.m.12 views

CVE-2002-1728

askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine the full path to the web root directory via a request for a file that does not exist, which generates an error message that reveals the full path...

5CVSS6.7AI score0.01548EPSS
Exploits1References4
NVD
NVD
added 2002/12/31 5:0 a.m.21 views

CVE-2002-2090

Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp...

5CVSS6.6AI score0.01678EPSS
Exploits0References2
NVD
NVD
added 2002/12/31 5:0 a.m.17 views

CVE-2002-2158

zenTrack 2.0.3 and earlier allows remote attackers to obtain the full path to the web root via an invalid ticket ID, which leaks the path in an error message...

5CVSS6.7AI score0.01373EPSS
Exploits0References3
NVD
NVD
added 2002/05/29 4:0 a.m.19 views

CVE-2002-0266

Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname...

5CVSS6.6AI score0.08451EPSS
Exploits0References4
Cvelist
Cvelist
added 2002/05/03 4:0 a.m.23 views

CVE-2002-0266

Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname...

6.5AI score0.08451EPSS
Exploits0References4
securityvulns
securityvulns
added 2002/03/19 12:0 a.m.31 views

[ARL02-A11] Big Sam (Built-In Guestbook Stand-Alone Module) Multiple Vulnerabilities

+/---------------- ALPER Research Labs ------/--------/+ +/---------------- Security Advisory -----/---------/+ +/---------------- ID: ARL02-A11 ----/----------/+ +/---------------- [email protected] ---/-----------/+ Advisory Information -------------------- Name : Big Sam Built-In Guestbook...

6.8AI score
Exploits0
Cvelist
Cvelist
added 2002/02/02 5:0 a.m.24 views

CVE-2001-0934

Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the physical path of the server root via the pwd command, which lists the full pathname...

6.4AI score0.04443EPSS
Exploits0References1
NVD
NVD
added 2001/11/28 5:0 a.m.15 views

CVE-2001-0934

Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the physical path of the server root via the pwd command, which lists the full pathname...

7.5CVSS6.4AI score0.04443EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2000/01/11 12:0 a.m.4 views

VulnCheck KEV: CVE-2000-0071

IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions...

5CVSS5.8AI score0.28058EPSS
Exploits0References1
Cvelist
Cvelist
added 2000/01/04 5:0 a.m.23 views

CVE-1999-0690

HP CDE program includes the current directory in root's PATH variable...

6.5AI score0.00542EPSS
Exploits0References2
Rows per page
Query Builder