https://www.exploit-db.com/exploits/23559
https://cxsecurity.com/issue/WLB-2007110028
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-830

WebTrendsReportingCenter是一款强大的报告系统。WebTrendsReportingCenter包含的管理接口存在路径泄露问题，远程攻击者可以利用这个漏洞获得敏感信息，进一步对系统进行攻击。问题存在于管理接口的viewreport.pl脚本中，提交非法数据给’profileid’参数，会返回包含路径信息的错误页面，导致敏感信息泄露。

source: http://www.securityfocus.com/bid/9460/info

The WebTrends Reporting Center management interface discloses installation path information when an invalid argument for an interface URI parameter is requested. This information may permit an attacker to enumerate the layout of the underlying file system of the host.

This issue was reported for version 6.1a of the software running on Microsoft Windows. Other platforms and versions may also be affected.

http://www.example.com:1099/viewreport.pl?profileid=dontexist

来源:SECTRACK
名称:1008799
链接:http://www.securitytracker.com/id?1008799
来源:BID
名称:9460
链接:http://www.securityfocus.com/bid/9460
来源:BUGTRAQ
名称:20040120WebTrendsReportingCenterPathDisclosurevulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/350419/30/21610/threaded
来源:OSVDB
名称:3680
链接:http://www.osvdb.org/3680
来源:SECUNIA
名称:10689
链接:http://secunia.com/advisories/10689
来源:SREASON
名称:3354
链接:http://securityreason.com/securityalert/3354
来源：NSFOCUS
名称：5963
链接：http://www.nsfocus.net/vulndb/5963