Frezno Shop 1.4.1 with Debug mode 'ON' Authors Site: https://sourceforge.net/projects/freznoshop/ Frezno Shop 1.4.1 has 'Debug Mode' set to 'On' as default. Problem does not occur with 'Debug Mode' set to 'Off'. +-[Example:]--------------------------------------------------+ Information Disclosure: http://www.victimsite.com/index.php?&id=' Result: A nice error message and path disclousre. +-[Notes:]----------------------------------------------------+ Vulnerabilities found on: 09/02/2005 Author(s) Informed on: 09/02/2005 Author(s) Response: 10/02/2005 Author(s) Fix: JohnC@NoBytes.com http://www.NoBytes.com