372 matches found
CVE-2000-1191
CVE-2000-1191 affects htsearch in htDig up to 3.2 beta, 3.1.6, 3.1.5 and earlier. The vulnerability arises when a non-existent configuration file is requested via the config parameter, causing an error message that reveals the server’s full path. This exposes potential information about the serve...
CVE-2001-0389
IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument...
CVE-2001-0389
CVE-2001-0389 affects IBM Websphere/NetCommerce3 3.1.2. The vulnerability allows remote attackers to determine the server’s real path by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument. Impact is listed as partial confidentiality loss; exploitation is remote over the netw...
CVE-2001-0492
Netcruiser Web server (versions
CVE-2001-0303
Pi3Web 1.0.1 isapi: tstisapi.dll leakage allows remote attackers to determine the server’s physical path by requesting a non-existent file, an information disclosure vulnerability. The Nessus plugin additionally notes that the /isapi/tstisapi.dll CGI has a well-known flaw that can allow arbitrary...
CVE-2001-0303
tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file...
CVE-2000-1110
document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program...
CVE-2000-0710
The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name...
CVE-2000-0189
The CVE-2000-0189 entry concerns ColdFusion Server 4.x where remote attackers can determine the server’s real pathname by requesting application.cfm or onrequestend.cfm. The available sources reproduce this description with no explicit exploit code or confirmed active exploitation details in the ...
CVE-1999-1006
The OpenVAS entry for CVE-1999-1006 documents a GroupWise Web Interface vulnerability in GWWEB.EXE where manipulating the HELP URL request yields information disclosure, including reading local files on the remote host. This confirms the vulnerability class as an information disclosure via a web ...
groupwise.web.txt
Problems found with GroupeWise web server Novell was contacted 3 weeks ago and no reply ----------------------------------------------------------------- 1. The help argument in GWWEB.EXE reveal full web path on the server 2. anyone can read a .htm file on the system with the GWWEB.EXE and the HE...
CVE-2000-0021
Lotus Domino HTTP server allows remote attackers to determine the real path of the server via a request to a non-existent script in /cgi-bin...