Description
viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Oliver Karow · textremotewindows
https://www.exploit-db.com/exploits/23559
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/350419/30/21610/threaded
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/10689
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1008799
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/3680
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3354
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9460
Scores
EPSS
0.0723
EPSS Percentile
91.6%
Details
CWE
CWE-200
Status
published
Products (1)
webtrends/reporting_center
6.1a
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026