- The Views module contains an information disclosure vulnerability due to the fact that it allows access to user profile data. This vulnerability exposes actual user names, so defensive strategies to protect usernams (such as using aliases, or the RealName (http://drupal.org/project/realname) module) cannot protect against this exposure. This method is particularly useful for finding the Drupal super user account (id 1) and other accounts that might not be exposed anywhere on the public facing site.
- Apply the patch provided in the web reference section.
- PHP.exe Windows CGI for Apache may let remote users view files on the server
- Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.12)
- WordPress Plugin Page Flip Image Gallery 'book_id' Parameter Remote File Disclosure (0.2.2)
- Apache server-info enabled
- WordPress Plugin Stop User Enumeration Cross-Site Scripting (1.3.7)