1 results (0.004 seconds)

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 1

VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe. VisNetic WebSite 3.5 permite a atacantes remotos obtener la ruta completa del servidor mediante una petición conteniendo una carpeta que no existe, lo que filtra la ruta en un mensaje de error, como se demostró usando _vti_bin/fpcount.exe. • http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html http://marc.info/?l=bugtraq&m=105733894003737&w=2 http://www.krusesecurity.dk/advisories/vis0103.txt http://www.securityfocus.com/bid/8075 https://exchange.xforce.ibmcloud.com/vulnerabilities/12483 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •