CVE

Id
34287  
CVE No.
CVE-2008-4170  
Status
Candidate  
Description
create_account.php in osCommerce 2.2 RC 2a allows remote attackers to obtain sensitive information via an invalid dob parameter, which reveals the installation path in an error message.  
Phase
Assigned (20080922)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
375460 34287 CVE-2008-4170 BUGTRAQ:20080916 [NOBYTES.COM: #12] osCommerce 2.2rc2a - Information Disclosure  View
375461 34287 CVE-2008-4170 URL:http://www.securityfocus.com/archive/1/archive/1/496417/100/0/threaded  View
375462 34287 CVE-2008-4170 BID:31209  View
375463 34287 CVE-2008-4170 URL:http://www.securityfocus.com/bid/31209  View
375464 34287 CVE-2008-4170 SREASON:4293  View
375465 34287 CVE-2008-4170 URL:http://securityreason.com/securityalert/4293  View
375466 34287 CVE-2008-4170 XF:oscommerce-createaccount-info-disclosure(45193)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
48146 JVNDB-2008-003456 Dynamic MP3 Lister の index.php におけるクロスサイトスクリプティングの脆弱性 Dynamic MP3 Lister の index.php には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2008-4174 34287 4.3 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-003456.html  View