Vulnerabilities (CVE)

Filtered by CWE-425
Total 167 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-1688 1 Wordpress 1 Wordpress 2024-02-28 5.0 MEDIUM N/A
Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.
CVE-2005-1668 1 Yusasp 1 Web Asset Manager 2024-02-28 7.5 HIGH N/A
YusASP Web Asset Manager 1.0 allows remote attackers to gain privileges via a direct request to assetmanager.asp.
CVE-2005-1698 1 Postnuke 1 Postnuke 2024-02-28 5.0 MEDIUM N/A
PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, or (9) button.php in the pnblocks directory in the Blocks module, (10) config.php in the NS-Multisites (aka Multisites) module, or (11) xmlrpc.php, which reveals the path in an error message.
CVE-2005-1697 1 Postnuke 1 Postnuke 2024-02-28 5.0 MEDIUM N/A
The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote attackers to obtain sensitive information via a direct request to simple_smarty.php, which reveals the path in an error message.
CVE-2004-2144 1 Baalsystems 1 Baal Smart Forms 2024-02-28 7.5 HIGH N/A
Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system access via a direct request to regadmin.php.
CVE-2004-2257 1 Phpmyfaq 1 Phpmyfaq 2024-02-28 5.0 MEDIUM N/A
phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.
CVE-2002-1798 1 Midicart 3 Midicart Php, Midicart Php Maxi, Midicart Php Plus 2024-02-28 6.4 MEDIUM 9.1 CRITICAL
MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php.