Lucene search
K

73 matches found

NVD
NVD
added 2006/05/12 5:6 p.m.20 views

CVE-2006-2347

E-Business Designer eBD 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in 1 the id parameter to formgrupo.html, or requests to the 2 archivos/ and 3 files/ directories. NOTE: this issue might be resultant...

5CVSS7.6AI score0.01351EPSS
Exploits0References7
Prion
Prion
added 2006/05/05 12:46 p.m.15 views

Open redirect

Open Bulletin Board OpenBB 1.0.8 allows remote attackers to obtain the full path of the web server via an invalid pforums parameter to 1 misc.php and 2 member.php...

5CVSS7.2AI score0.01377EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2006/03/28 10:2 p.m.18 views

CVE-2006-1432

fusionZONE couponZONE 4.2 allows remote attackers to obtain the full path of the web server, and other sensitive information, via invalid values, as demonstrated using manipulations associated with SQL...

5CVSS6.6AI score0.01184EPSS
Exploits0References2
Prion
Prion
added 2006/03/28 10:2 p.m.12 views

Design/Logic Flaw

fusionZONE couponZONE 4.2 allows remote attackers to obtain the full path of the web server, and other sensitive information, via invalid values, as demonstrated using manipulations associated with SQL...

5CVSS7.2AI score0.01184EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2006/03/28 10:0 p.m.18 views

CVE-2006-1432

fusionZONE couponZONE 4.2 allows remote attackers to obtain the full path of the web server, and other sensitive information, via invalid values, as demonstrated using manipulations associated with SQL...

6.6AI score0.01184EPSS
Exploits0References2
CVE
CVE
added 2005/12/05 11:0 a.m.48 views

CVE-2005-4026

CVE-2005-4026 affects Geeklog: search.php in Geeklog 1.4.x before 1.4.0rc1 and 1.3.x before 1.3.11sr3. The issue is an information disclosure where invalid datestart and dateend parameters trigger error messages that leak the web server path. This is a remote-style vulnerability that can reveal s...

5CVSS6.6AI score0.01371EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2005/12/05 12:3 a.m.14 views

CVE-2005-3997

Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including 1 graphs/bannerdaily.php, 2 graphs/bannerinfobox.php, 3 graphs/banneryearly.php, 4 graphs/bannermonthly.ph...

2.6CVSS6.3AI score0.01976EPSS
Exploits0References15
Cvelist
Cvelist
added 2005/11/16 7:37 a.m.14 views

CVE-2003-1242

Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message...

6.6AI score0.06793EPSS
Exploits1References3
Cvelist
Cvelist
added 2005/07/14 4:0 a.m.18 views

CVE-2002-2045

xstatadmin.php in x-stat 2.3 and earlier allows remote attackers to 1 execute PHP commands such as phpinfo or 2 obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message...

7.2AI score0.01712EPSS
Exploits1References7
securityvulns
securityvulns
added 2005/06/17 12:0 a.m.27 views

e107 v0.617 several new and old vulnerabilities

Hello, The e107 is an open-source, PHP and SQL based portal and content management system1. I found some new vulnerabilities in the current release v0.617. Also some "older" flaws2 has been re-discovered in different ways. This email has been sent some months ago to the e107 developers. They fixe...

7.4AI score
Exploits0
CVE
CVE
added 2005/05/10 4:0 a.m.42 views

CVE-2004-1956

PostNuke 0.7.2.6 is affected by CVE-2004-1956. The vulnerability allows remote attackers to cause information disclosure by issuing direct HTTP requests to files in the includes/blocks, pnadodb, NS-NewUser, NS-Your_Account, NS-LostPassword, and NS-User paths, which trigger PHP error messages reve...

5CVSS7.2AI score0.01548EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2005/02/15 5:0 a.m.23 views

CVE-2005-0433

Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to 1 db.php, 2 mainfile.php, 3 Downloads/index.php, or 4 WebLinks/index.php, which lists the path in a PHP error message...

5CVSS6.8AI score0.01689EPSS
Exploits1References3
CVE
CVE
added 2005/02/06 5:0 a.m.54 views

CVE-2004-1385

CVE-2004-1385 affects phpGroupWare up to version 0.9.16.003. The vulnerability is an information-disclosure issue where an error message reveals the web server path due to (1) unexpected characters in the session ID (shell metacharacters), (2) an invalid appname parameter to preferences.php, or (...

5CVSS6.5AI score0.07324EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2005/02/06 5:0 a.m.23 views

CVE-2004-1385

phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via 1 unexpected characters in the session ID such as shell metacharacters, 2 an invalid appname parameter to preferences.php or 3 an invalid menuaction parameter to index.php, which reveals the web server...

6.5AI score0.07324EPSS
Exploits1References4
NVD
NVD
added 2005/01/10 5:0 a.m.16 views

CVE-2004-1203

parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to gain sensitive information via an invalid file parameter, which reveals the web server's installation path...

5CVSS6.6AI score0.01388EPSS
Exploits0References4
NVD
NVD
added 2004/12/31 5:0 a.m.13 views

CVE-2004-2196

Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to 1 admpages.php, 2 corrpages.php, 3 delblock.php, 4 delpage.php, 5 footer.php, 6 home.php, and others...

5CVSS6.7AI score0.02313EPSS
Exploits1References11
UbuntuCve
UbuntuCve
added 2004/12/31 5:0 a.m.24 views

CVE-2004-1385

phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via 1 unexpected characters in the session ID such as shell metacharacters, 2 an invalid appname parameter to preferences.php or 3 an invalid menuaction parameter to index.php, which reveals the web server...

5CVSS6AI score0.07324EPSS
Exploits1References1
NVD
NVD
added 2004/12/31 5:0 a.m.16 views

CVE-2004-1385

phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via 1 unexpected characters in the session ID such as shell metacharacters, 2 an invalid appname parameter to preferences.php or 3 an invalid menuaction parameter to index.php, which reveals the web server...

5CVSS6.5AI score0.07324EPSS
Exploits1References4
Cvelist
Cvelist
added 2004/07/13 4:0 a.m.22 views

CVE-2004-0665

csFAQ.cgi in csFAQ allows remote attackers to gain sensitive information via an invalid database parameter, which reveals the path to the web server in an error message...

6.5AI score0.0294EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2004/02/24 12:0 a.m.38 views

TalentSoft Web+ webplus.exe Path Disclosure

The remote host appears to be running Web+ Application Server. The version of Web+ installed on the remote host reveals the physical path of the application when it receives a script file error. %NASLMINLEVEL 70300 This script was written by David Kyger See the Nessus Scripts License for details...

5.5AI score
Exploits0References1
Rows per page
Query Builder