pathname software vulnerabilities
vulnerabilities.aspcode.net
Searching pathname software vulnerabilities
WebSite Pro allows remote attackers to determin
webdirectories
|
attackers
|
determine
|
malformed
|
pathname
|
WebSite
|
request
|
remote
|
allows
|
real
|
Pro
|
URL
|
via
|
WebSite Pro allows remote attackers to determine the real pathname of webdirectories via a malformed URL request.
The sample Java servlet "test" in Bajie HTTP we
pathname
|
document
|
reveals
|
servlet
|
server
|
sample
|
"test"
|
Bajie
|
real
|
HTTP
|
Java
|
030a
|
root
|
web
|
The sample Java servlet "test" in Bajie HTTP web server 0.30a reveals the real pathname of the web document root.
Htgrep CGI program allows remote attackers to r
specifying
|
arbitrary
|
attackers
|
parameter
|
pathname
|
program
|
Htgrep
|
allows
|
remote
|
files
|
full
|
read
|
CGI
|
hdr
|
Htgrep CGI program allows remote attackers to read arbitrary files by specifying the full pathname in the hdr parameter.
Muscat Empower CGI program allows remote attack
attackers
|
parameter
|
pathname
|
absolute
|
invalid
|
request
|
Empower
|
program
|
server
|
Muscat
|
allows
|
obtain
|
remote
|
CGI
|
via
|
Muscat Empower CGI program allows remote attackers to obtain the absolute pathname of the server via an invalid request in the DB parameter.
FaSTream FTP++ Server 2.0 allows remote attacke
attackers
|
FaSTream
|
pathname
|
command
|
obtain
|
Server
|
allows
|
remote
|
"pwd"
|
FTP++
|
real
|
via
|
FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real pathname of the server via the "pwd" command.
PHP, when installed with Apache and configured
configured
|
resulting
|
attackers
|
installed
|
pathname
|
indexphp
|
reveals
|
message
|
OPTIONS
|
default
|
method
|
server
|
obtain
|
Apache
|
search
|
allows
|
remote
|
which
|
error
|
HTTP
|
full
|
page
|
PHP
|
web
|
via
|
PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
index.php for PHP-Nuke 5.4 and earlier allows r
determine
|
parameter
|
attackers
|
physical
|
triggers
|
pathname
|
PHP-Nuke
|
indexphp
|
earlier
|
message
|
server
|
allows
|
remote
|
error
|
which
|
leaks
|
file
|
web
|
set
|
index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname.
browse.asp in Hosting Controller allows remote
directories
|
Controller
|
specifying
|
parameter
|
arbitrary
|
attackers
|
browseasp
|
pathname
|
FilePath
|
Hosting
|
target
|
allows
|
remote
|
view
|
browse.asp in Hosting Controller allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter.
none.php for SunPS iRunbook 2.5.2 allows remote
iRunbook
|
nonephp
|
SunPS
|
none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via an absolute pathname in the argument.
tmp_view.php in FUDforum before 2.2.0 allows re
tmp_viewphp
|
FUDforum
|
before
|
tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter.
emumail.cgi in EMU Webmail 5.0 allows remote at
containing
|
expression
|
emumailcgi
|
determine
|
generates
|
malformed
|
resulting
|
attackers
|
includes
|
matching
|
pathname
|
message
|
Webmail
|
regular
|
allows
|
remote
|
string
|
script
|
error
|
which
|
full
|
EMU
|
via
|
emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message.
ezhttpbench.php in eZ httpbench 1.1 allows remo
ezhttpbenchphp
|
AnalyseSite
|
arbitrary
|
parameter
|
attackers
|
httpbench
|
pathname
|
allows
|
remote
|
files
|
read
|
full
|
via
|
ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read arbitrary files via a full pathname in the AnalyseSite parameter.
phptonuke.php in myPHPNuke 1.8.8 allows remote
phptonukephp
|
myPHPNuke
|
phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable.
VisNetic WebSite 3.5 allows remote attackers to
_vti_bin/fcountexe
|
demonstrated
|
containing
|
attackers
|
pathname
|
VisNetic
|
request
|
WebSite
|
message
|
allows
|
folder
|
obtain
|
server
|
remote
|
leaks
|
error
|
using
|
exist
|
which
|
does
|
full
|
via
|
not
|
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fcount.exe.
sendpm.php in PBLang 4.63 allows remote authent
sendpmphp
|
PBLang
|
sendpm.php in PBLang 4.63 allows remote authenticated users to read arbitrary files via a full pathname in the orig parameter.
LimeWire 4.1.2 through 4.5.6 allows remote atta
LimeWire
|
LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary files by specifying the full pathname in a Gnutella GET request.
include.cgi script allows remote attackers to r
includecgi
|
attackers
|
arbitrary
|
argument
|
pathname
|
remote
|
script
|
allows
|
files
|
full
|
read
|
via
|
include.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.
The inserter.cgi script allows remote attackers
insertercgi
|
attackers
|
arbitrary
|
argument
|
pathname
|
remote
|
script
|
allows
|
files
|
full
|
read
|
via
|
The inserter.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.
The citat.pl script allows remote attackers to
attackers
|
arbitrary
|
argument
|
pathname
|
citatpl
|
allows
|
script
|
remote
|
files
|
full
|
read
|
via
|
The citat.pl script allows remote attackers to read arbitrary files via a full pathname in the argument.
backup/backup_scheduled.php in Moodle before 1.
backup/backup_scheduledphp
|
before
|
Moodle
|
backup/backup_scheduled.php in Moodle before 1.6.2 generates trace data with the full backup pathname even when debugging is disabled, which might allow attackers to obtain the pathname.
Software vulnerabilities results 1 to 20 of 199
Page:
1
2
3
4
5
...
10
►