Unknown · CVSS Not scored
phpwcms 1.4.7 r412 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by template/inc_script/frontend_render/disabled/majonavi.php and certain other files.
Published Sep 24, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
HelpCenter Live 2.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/HelpCenter/index.php and certain other files.
Published Sep 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files.
Published Sep 24, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) register_datahub, or (4) slave commands.
Published Sep 16, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Piwik 1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Widgetize/Widgetize.php and certain other files.
Published Sep 24, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Jcow 4.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/page.tpl.php and certain other files.
Published Sep 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
Published Sep 5, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
PhpSecInfo 0.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Test/Test_Suhosin.php and certain other files.
Published Sep 24, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot).
Published Sep 16, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files.
Published Sep 24, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Claroline 1.9.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by work/connector/linker.cnr.php and certain other files.
Published Sep 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
LimeSurvey 1.90+ build9642-20101214 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/statistics.php and certain other files.
Published Sep 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action.
Published Sep 5, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Published Sep 15, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Automne 4.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/page-redirect-info.php.
Published Sep 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these details are obtained from third party information.
Published Sep 6, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service (crash) via a negative or large Content-Length value.
Published Sep 16, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
XOOPS 2.5.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/system/xoops_version.php and certain other files.
Published Sep 24, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
HTML Purifier 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/PHPT/Reporter/SimpleTest.php and certain other files.
Published Sep 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files.
Published Sep 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php.
Published Sep 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Piwik 1.2 through 1.4 allows remote attackers with the view permission to execute arbitrary code via unknown attack vectors.
Published Sep 18, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
eggBlog 4.1.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by _lib/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php and certain other files.
Published Sep 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The Bug Genie 2.1.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/svn_integration/config.inc.php and certain other files.
Published Sep 24, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The Server Administration Console in NetSaro Enterprise Messenger Server 2.0 allows remote attackers to read application source code by appending a %00 character to a URL.
Published Sep 27, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
TaskFreak! multi-mysql-0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/language/zh/register_info.php and certain other files.
Published Sep 24, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Arctic Fox CMS 0.9.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by acp/includes/edit.inc.php and certain other files.
Published Sep 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DATEV Grundpaket Basis CD23.20 allow local users to gain privileges via a Trojan horse (1) DVBSKNLANG101.dll or (2) DvZediTermSrvInfo004.dll file in the current working directory, as demonstrated by a directory that contains a .dmt, .adl, .c02, .dof, or .jrf file. NOTE: some of these details are obtained from third party information.
Published Sep 7, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5192.
Published Sep 23, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
NetSaro Enterprise Messenger Server 2.0 allows local users to discover cleartext server credentials by reading the NetSaro.fdb file.
Published Sep 27, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Published Sep 28, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Energine 2.3.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/framework/SimpleBuilder.class.php and certain other files.
Published Sep 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
111WebCalendar 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by footer.php and certain other files.
Published Sep 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
appRain 0.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by cron.php.
Published Sep 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
eyeOS 2.2.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by apps/rmail/webmail/program/lib/Net/SMTP.php and certain other files.
Published Sep 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop plugin for e107 7 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter.
Published Sep 20, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by i_frames/i_register.php.
Published Sep 24, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
Published Sep 28, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Ananta Gazelle 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/template.php and certain other files.
Published Sep 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files.
Published Sep 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple untrusted search path vulnerabilities in ACDSee Photo Editor 2008 5.x build 291 allow local users to gain privileges via a Trojan horse (1) Wintab32.dll or (2) CV11-DialogEditor.dll file in the current working directory, as demonstrated by a directory that contains a .apd file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Sep 6, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SweetRice 0.7.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by _plugin/tiny_mce/plugins/advimage/images.php.
Published Sep 24, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Published Sep 28, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Ganglia 3.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by host_view.php and certain other files.
Published Sep 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/test-active-record.php and certain other files.
Published Sep 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, (3) email_edit, (4) email, (5) email2, (6) email3, (7) sms, (8) sms_id, or (9) work parameter.
Published Sep 27, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
DoceboLMS 4.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by views/dummy/show.php and certain other files.
Published Sep 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Advanced Electron Forum (AEF) 1.0.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by languages/english/deletetopic_lang.php.
Published Sep 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
b2evolution 3.3.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by locales/ru_RU/ru-RU.locale.php and certain other files.
Published Sep 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/userAdmin/login.tdf in Infoblox NetMRI 6.0.2.42, 6.1.2, 6.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) eulaAccepted or (2) mode parameter.
Published Sep 20, 2012 · Updated Sep 16, 2024