Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25564
HistoryJan 28, 2011 - 12:00 a.m.

Multiple Web Applications | Full Path Disclosure

2011-01-2800:00:00
vulners.com
57
JSON

The following web applications are found to have full path disclosure
flaws (Ref: WASC-13, CWE-200).

htmlpurifier-4.2.0
phpids-0.6.5
PhpSecInfo
111WebCalendar-1.2.3
adodb
aef-1.0.8
ATutor-2.0
auth
b2evolution-3.3.3
bbpress-1.0.2
cftp-r80
claroline-1.9.7
clipbucket_2.0.9_stable_Fr
cmsmadesimple-1.9.2
CodeIgniter_1.7.2
concrete5.4.0.5
concrete5.4.1.1
CopperminePhotoGallery-1.5.12
craftysyntax3.0.2
CubeCart-4.4.3
dokuwiki-2009-12-25c
Dolphin-7.0.4
dotproject-2.1.4
drupal-7.0
e107_0.7.24
eggblog_4.1.2
elgg-1.7.6
ExoPHPDesk_1.2.1
eyeOS-2.2.0.0
fengoffice_1.7.2
freeway_1_5_alpha_Burstow
frontaccounting-2.3.1
helpcenterlive-2.1.7
hesk-2.2
jcow.4.2.1
joomla-1.6.0
kamads-2_b3
kplaylist.1.8.502
lifetype-1.2.10
limesurvey190plus-build9642-20101214
linpha-1.3.4
mambo-4.6.5
mantisbt-1.2.4
moodle-2.0.1
mound-2.1.6
mybb-1.6
nucleus3.61
NuSOAP
open-realty-2.5.8
OpenBlog-1.2.1
opencart_v1.4.9.3
opendocman-1.2.6-svn-2011-01-21
orangehrm-2.6.0.2
oscommerce-3.0a5
phorum-5.2.15a
PHP-Easy-Survey-Package-2.1.1
PHP-Nuke-8.0
PHP-Point-Of-Sale-10.7
phpads-2.0
phpAlbum_v0.4.1.14.fix06
phpBook-2.1.0
phpcollab-2.5
PHPDevShell-V3.0.0-Beta-4b
PHPfileNavigator-2.3.3
phpFormGen-2.09
phpfreechat-1.3
PhpGedView-all-4.2.3
phpicalendar-2.4
phpld-2-151.2.0
phpmyfaq-2.6.13
phprojekt-6.0.5
phpScheduleIt_1.2.12
phpwcms-1.4.7r412
piwigo-2.1.5
piwik-1.1
pixelpost_v1.7.3
pixie_v1.04
PliggCMS1.1.3
podcastgen1.3
prestashop_1.4.0.6
projectpier-0.8.0.3
serendipity-1.5.5
Smarty
statusnet-0.9.6
SugarCRM-6.1.0
taskfreak-multi-mysql-0.6
tcexam_11.1.015
textpattern-4.2.0
thebuggenie_2.1.2
theHostingTool-v1.2.3
TinyMCE
TinyWebGallery-1.8.3
tomatocart-1.1.3
vanilla-2.0.16
WebCalendar-1.2.3
WeBid-1.0.0
webinsta-mail-list-1.3e
WebsiteBaker_2.8.1
wordpress-3.0.4
xajax
xoops-2.5.0
YOURS
Zend
zikula-1.2.4

Vulnerable files list for each application can be found at

http://yehg.net/lab/pr0js/advisories/path_disclosure/

http://yehg.net/lab/pr0js/advisories/path_disclosure.zip

Solution:

Disable php error_display off.

For those who manage servers, set php error_display setting as 'on' in
php.ini file.
For those who don't, simple put "php_flag error_display off" in
.htaccess file of web root directory (unless it is restricted by
php_admin_flag)

Best regards,
YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net
Our Lab | http://yehg.net/lab
Our Directory | http://yehg.net/hwd

JSON