103 matches found
CVE-2005-2005
Ultimate PHP Board UPB 1.9.6 GOLD and earlier stores the users.dat file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information on registered users via a direct request to db/users.dat...
CVE-2005-1892
FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via 1 a direct request to footnews.php, which triggers an infinite loop, or 2 direct requests to unknown scripts, which reveals the web document root in an error message...
CVE-2005-1893
FlatNuke 2.5.3 allows remote attackers to obtain sensitive information via invalid parameters to certain scripts, which leaks the web document root in an error message...
CVE-2005-1893
CVE-2005-1893 affects FlatNuke 2.5.3. The vulnerability arises when a remote attacker supplies invalid parameters to certain scripts, causing an error message that leaks the web document root. The available documents describe the impact as an information disclosure vulnerability (partial confiden...
CVE-2005-1733
Cookie Cart stores the password file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and encrypted passwords via a direct request to passwd.txt...
CVE-2005-1645
Keyvan1 ImageGallery stores the image.mdb database under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information...
CVE-2005-1367
Pico Server pServ 3.2 and earlier allows local users to read arbitrary files as the pServ user via a symlink to a file outside of the web document root...
CVE-2005-1601
MRO Maximo Self Service 4 and 5 stores certain information under the web document root using file extensions that are not processed by Tomcat, which allows remote attackers to obtain sensitive information via a direct request for the file, such as MXServer.properties...
CVE-2005-1586
Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to 1 db/users.txt, 2 db/banList.txt, 3 db/censureWords.txt, or ...
CVE-2005-1136
Simple PHP Blog sphpBlog 0.4.0 stores the 1 password.txt and 2 config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files...
CVE-2002-1353
LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under the web document root in users.lst, which allows remote attackers to obtain the passwords via a direct request to users.lst...
Gattaca Server 2003 - Null Byte Full Path Disclosure
Gattaca Server 2003 - Null Byte Full Path Disclosure source: https://www.securityfocus.com/bid/10729/info It is reported that Gattaca Server 2003 contains multiple path disclosure vulnerabilities. By sending HTTP requests to Gattaca's web server, it is reportedly possible to cause the application...
Gattaca Server 2003 - 'Language' Path Exposure
source: https://www.securityfocus.com/bid/10729/info It is reported that Gattaca Server 2003 contains multiple path disclosure vulnerabilities. By sending HTTP requests to Gattaca's web server, it is reportedly possible to cause the application to return error pages that contain the full...
CVE-2003-0599
CVE-2003-0599 concerns phpGroupWare (0.9.16preRC and all versions before 0.9.14.004). The vulnerability lies in the Virtual File System (VFS) capability, with the root cause described as the VFS path being under the web document root, and implications are stated as unknown. The advisory lists a h...
CVE-2003-0599
Unknown vulnerability in the Virtual File System VFS capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root...
CVE-2002-1454
MyWebServer 1.0.2 allows remote attackers to determine the absolute path of the web document root via a request for a directory that does not exist, which leaks the pathname in an error message...
CVE-2003-0309
The CVE covers Microsoft Internet Explorer 5.01, 5.5, and 6.0 where a crafted web document with a large number of duplicate file:// or other requests using FRAME/IFRAME can trigger multiple file download dialogs, ultimately allowing remote code execution. The issue is mitigated by Microsoft patch...
CVE-2002-1467
Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via 1 an HTTP redirect, 2 a "file://" base in a web document, or 3 a relative URL from a web archive mht file...
CVE-2002-2342
Bannermatic 1, 2, and 3 stores the 1 ban.log, 2 ban.bak, 3 ban.dat and 4 banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files...
CVE-2002-0917
CVE-2002-0917 affects CGIScript.net csPassword.cgi, which stores .htpasswd files under the web document root. This allows remote authenticated users to download the password file and crack other users’ passwords. The vulnerability is mapped to a high severity (CVSS v2 base score 7.5, vector AV:N/...