Kaleidoscope - InZeed

- Science, Technology, Article, Music, Poem, Essay, etc ...

Full Path Disclosure Vulnerability

Full Path Disclosure (FPD) is the revelation of the full operating path of a vulnerable script. The FPD bug is executed by injecting unexpected characters into certain parameters of a web-page. The script doesn’t expect the injected character and returns an error message that includes information of the error, as well as the operating path of the targeted script.

FPD vulnerabilities are generally observed as low risk threats, too often overlooked by web-masters as nothing to worry about, or features of the scripting language. While the latter is true, only the web-master should see the output of the error messages, and log them as appropriate; an attacker should never see the output of an error message within a web-page.

CVE-2015-2214 – NetCat CMS Full Path Disclosure (Information Disclosure) Web Security Vulnerabilities

  CVE-2015-2214 – NetCat CMS Full Path Disclosure (Information Disclosure) Web Security Vulnerabilities   Exploit Title: CVE-2015-2214 NetCat CMS Full Path Disclosure Web Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1 Tested Version: 5.01 3.12 Advisory Publication: February 27, 2015 Latest Update: […]

724CMS 5.01 Information Leakage Security Vulnerabilities

724CMS 5.01 Multiple Information Leakage Security Vulnerabilities   Exploit Title: 724CMS Multiple Information Leakage Security Vulnerabilities Vendor: 724CMS Product: 724CMS Vulnerable Versions: 3.01   4.01   4.59   5.01 Tested Version: 5.01 Advisory Publication: March 14, 2015 Latest Update: March 14, 2015 Vulnerability Type: Information Exposure [CWE-200] CVE Reference: * Impact CVSS Severity (version 2.0): […]

CVE-2015-2209 – DLGuard Full Path Disclosure (Information Leakage) Web Security Vulnerabilities

  CVE-2015-2209 – DLGuard Full Path Disclosure (Information Leakage) Web Security Vulnerabilities Exploit Title: DLGuard “/index.php?” “&c” parameter Full Path Disclosure Web Security Vulnerabilities Product: DLGuard Vendor: DLGuard Vulnerable Versions: v4.5 Tested Version: v4.5 Advisory Publication: January 18, 2015 Latest Update: March 20, 2015 Vulnerability Type: Information Exposure [CWE-200] CVE Reference: CVE-2015-2209 Impact CVSS Severity […]

WordPress Daily Edition Theme v1.6.2 Information Leakage Security Vulnerabilities

WordPress Daily Edition Theme v1.6.2 Information Leakage Security Vulnerabilities   Exploit Title: WordPress Daily Edition Theme /thumb.php src Parameters Information Leakage Security Vulnerabilities Product: WordPress Daily Edition Theme Vendor: WooThemes Vulnerable Versions: v1.6.*   v1.5.*   v1.4.*   v1.3.*   v1.2.*   v1.1.*   v.1.0.* Tested Version: v1.6.2 Advisory Publication: March 10, 2015 Latest Update: […]

Webshop hun v1.062S Information Leakage (Full Path Disclosure – FPD) Security Vulnerabilities

Webshop hun v1.062S Information Leakage (Full Path Disclosure – FPD) Security Vulnerabilities   Exploit Title: Webshop hun v1.062S /index.php termid parameter Information Leakage Security Vulnerabilities Product: Webshop hun Vendor: Webshop hun Vulnerable Versions: v1.062S Tested Version: v1.062S Advisory Publication: March 07, 2015 Latest Update: March 07, 2015 Vulnerability Type: Information Exposure [CWE-200] CVE Reference: * […]

Kaleidoscope - InZeed © 2015 Frontier Theme