73 matches found
CVE-2023-50955
IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777...
PT-2024-14026 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows an authenticated privileged user to obtain the absolute path of the web server installation, which could aid in further attacks against the system. Recommendations:...
IBM InfoSphere Information Server Security Vulnerability
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server version 11.7 that originate...
The vulnerability of the GE Proficy HMI/SCADA iFIX software control system lies in improper code generation, which allows attackers to gain full control over the software.
The vulnerability of the GE Proficy HMI/SCADA iFIX supervisory control software lies in improper code generation. Exploiting this vulnerability can allow an attacker to gain full control over the software by introducing a malicious configuration file into the expected web server execution path...
CVE-2023-4487
GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software...
PT-2023-5230 · Ge · Ge Cimpicity
Name of the Vulnerable Software and Affected Versions: GE CIMPLICITY version 2023 Description: The issue is related to a process control vulnerability in GE CIMPLICITY 2023, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to...
python: open redirection vulnerability in lib/http/server.py may lead to information disclosure
A vulnerability was found in python. This security flaw causes an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of the URI path. This issue may lead to information disclosure...
GE iFIX 代码注入漏洞
GE iFIX is General Electric's GE platform for improving productivity and process control through industrial-grade SCADA and high-performance HMI. A code injection vulnerability exists in GE iFIX. An attacker could use this vulnerability to insert a malicious configuration file into the intended w...
eLection 2.0 - id SQL Injection
eLection 2.0 - id SQL Injection Title: eLection 2.0 - 'id' SQL Injection Date: 2020-02-21 Exploit Author: J3rryBl4nks Vendor Homepage: https://sourceforge.net/projects/election-by-tripath/ Software Link: https://sourceforge.net/projects/election-by-tripath/files/Version 2.0 Tested on Ubuntu 19/Ka...
CVE-2003-1469
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message...
CVE-2003-1468
Technical details beyond the CVE description are not provided in the supplied documents. Monitor for updates from authoritative sources to confirm affected versions, impact, and fixes.
CVE-2003-1486
CVE-2003-1486 affects Phorum 3.4 to 3.4.2. An incorrect HTTP request to one of nine scripts (smileys.php, quick_listrss.php, purge.php, news.php, memberlist.php, forum_listrss.php, forum_list_rdf.php, forum_list.php, move.php) can make the server leak its full path in an error message. This is a ...
CVE-2006-5844
Speedywiki 2.0 is affected. The vulnerability allows remote attackers to disclose the web server’s full path by abusing the showRevisions[] and searchText[] parameters in index.php, and also via a direct request to upload.php with no parameters. This aligns with NVD data and PT Security’s advisor...
PT-2006-6518 · Speedywiki · Speedywiki
Name of the Vulnerable Software and Affected Versions: Speedywiki version 2.0 Description: The issue allows remote attackers to obtain the full path of the web server. This can be achieved via the showRevisions and searchText parameters in "index.php", and also through a direct request to...
CVE-2006-5759
index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote attackers to obtain the full path of the web server via empty 1 rns or 2 pag arguments, which reveals the path in an error message...
CVE-2006-5759
The connected PT-2006-6440 entry confirms a path-disclosure vulnerability in Rhadrix If-CMS, affecting versions 1.01–2.07. The issue arises when empty arguments rns[] or pag[] are provided, causing an error message that reveals the web server’s full filesystem path. This can aid an attacker in lo...
CVE-2006-4899
The ePPIServlet script in Computer Associates CA eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" single quote in the PIProfile function, which leaks the path in an error message...
CVE-2006-4899
The ePPIServlet script in Computer Associates CA eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" single quote in the PIProfile function, which leaks the path in an error message...
Deserialization of untrusted data
index.php in GANTTy 1.0.3 allows remote attackers to obtain the full path of the web server via an invalid lang parameter in an authenticate action...
CVE-2006-2690
An unspecified script in EVA-Web 2.1.2 and earlier, probably index.php, allows remote attackers to obtain the full path of the web server via invalid 1 perso or 2 aide parameters...