Search Results (24238 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-3706 1 Atutor 1 Atutor 2025-04-11 N/A
ATutor 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by users/tool_settings.inc.php and certain other files.
CVE-2011-3707 1 Janrain 1 Php-openid 2025-04-11 N/A
JanRain PHP OpenID library (aka php-openid) 2.2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Auth/Yadis/Yadis.php and certain other files.
CVE-2011-3708 1 Automne-cms 1 Automne 2025-04-11 N/A
Automne 4.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/page-redirect-info.php.
CVE-2011-3709 1 B2evolution 1 B2evolution 2025-04-11 N/A
b2evolution 3.3.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by locales/ru_RU/ru-RU.locale.php and certain other files.
CVE-2011-3715 1 Clantiger 1 Clantiger 2025-04-11 N/A
ClanTiger 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/statistics/statistics.php and certain other files.
CVE-2011-3724 1 Cubecart 1 Cubecart 2025-04-11 N/A
CubeCart 4.4.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files.
CVE-2011-3726 1 Docebo 1 Docebolms 2025-04-11 N/A
DoceboLMS 4.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by views/dummy/show.php and certain other files.
CVE-2011-3727 1 Dokuwiki 1 Dokuwiki 2025-04-11 N/A
DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files.
CVE-2011-3731 1 E107 1 E107 2025-04-11 N/A
e107 0.7.24 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107_plugins/pdf/e107pdf.php and certain other files.
CVE-2011-3733 1 Elgg 1 Elgg 2025-04-11 N/A
Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other files.
CVE-2011-3734 1 Energine 1 Energine 2025-04-11 N/A
Energine 2.3.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/framework/SimpleBuilder.class.php and certain other files.
CVE-2011-3735 1 Escortwebsitedesign 1 Escort-agency-cms 2025-04-11 N/A
Escort Agency CMS (aka escort-agency-cms) allows remote attackers to obtain sensitive information via crafted array parameters in a request to a .php file, which reveals the installation path in an error message, as demonstrated by makethumb.php and certain other files.
CVE-2011-3743 1 Hesk 1 Hesk 2025-04-11 N/A
Hesk 2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/footer.inc.php and certain other files.
CVE-2011-3744 1 Htmlpurifier 1 Html Purifier 2025-04-11 N/A
HTML Purifier 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/PHPT/Reporter/SimpleTest.php and certain other files.
CVE-2011-3745 1 Hycus 1 Hycus Cms 2025-04-11 N/A
HycusCMS 1.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/hycus_template/template.php.
CVE-2011-4143 1 Rsa 1 Envision 2025-04-11 N/A
EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors.
CVE-2011-3431 1 Apple 1 Iphone Os 2025-04-11 N/A
The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen.
CVE-2011-4409 1 Canonical 1 Ubuntu Linux 2025-04-11 N/A
The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 LTS does not properly validate SSL certificates, which allows remote attackers to spoof a server and modify or read sensitive information via a man-in-the-middle (MITM) attack.
CVE-2011-4457 1 Owasp-java-html-sanitizer Project 1 Owasp-java-html-sanitizer 2025-04-11 N/A
OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.
CVE-2011-4554 1 Oneclickorgs 1 One Click Orgs 2025-04-11 N/A
One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) " (double quote) and newline characters in an org name or (2) " (double quote) characters in an e-mail address, related to a "2nd Order SMTP Injection" issue.