Total: 9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2003-1398 | 1 Cisco | 1 Ios | 2025-04-03 | 9.3 HIGH | N/A | Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification). |
| CVE-2005-4836 | 1 Apache | 1 Tomcat | 2025-04-03 | 7.8 HIGH | N/A | The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information. |
| CVE-2006-1677 | 1 Maxdev | 1 Md-pro | 2025-04-03 | 6.4 MEDIUM | N/A | MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to obtain the full path of the server via a direct request to includes/legacy.php. |
| CVE-2005-4214 | 1 Coinsoft Technologies | 1 Phpcoin | 2025-04-03 | 5.0 MEDIUM | N/A | phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined. |
| CVE-2000-0649 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 2.6 LOW | N/A | IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined. |
| CVE-2003-1418 | 1 Apache | 1 Http Server | 2025-04-03 | 4.3 MEDIUM | N/A | Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID). |
| CVE-2005-3724 | 1 Zyxel | 2 P2000w Version 1 Voip Wifi Phone, Prestige 2000w V.1voip Wi-fi Phone | 2025-04-03 | 6.4 MEDIUM | N/A | Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication. |
| CVE-2000-0876 | 1 Texas Imperial Software | 2 Wftpd, Wftpd Pro | 2025-04-03 | 5.0 MEDIUM | N/A | WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname. |
| CVE-2006-3561 | 1 Bt | 1 Voyager 2091 Wireless Adsl Router | 2025-04-03 | 5.0 MEDIUM | N/A | BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh, PPP credentials via (2) btvoyager_getpppcreds.sh, and decode configuration credentials via (3) btvoyager_decoder.c. |
| CVE-2002-1432 | 1 Coxco Support | 7 A-cart, Metacart, Midicart Asp and 4 more | 2025-04-03 | 5.0 MEDIUM | N/A | MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database. |
| CVE-2003-1535 | 1 Justice Media | 1 Guestbook | 2025-04-03 | 5.0 MEDIUM | N/A | Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message. |
| CVE-2006-1439 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A | NSSecureTextField in AppKit in Apple Mac OS X 10.4.6 does not re-enable secure event input under certain circumstances, which could allow other applications in the window session to monitor input characters and keyboard events. |
| CVE-2005-4320 | 1 Limbo Cms | 1 Limbo Cms | 2025-04-03 | 5.0 MEDIUM | N/A | Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the installation path of the application via a direct request to (1) doc.inc.php, (2) element.inc.php, and (3) node.inc.php, which leaks the path in an error message. |
| CVE-2003-0904 | 1 Microsoft | 3 Exchange Server, Sharepoint Services, Windows Server 2003 | 2025-04-03 | 6.0 MEDIUM | N/A | Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed. |
| CVE-2006-0369 | 1 Oracle | 1 Mysql | 2025-04-03 | 2.1 LOW | N/A | MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views;" query, which returns the query that created the VIEW. NOTE: this issue has been disputed by third parties, saying that the availability of the schema is a normal and sometimes desired aspect of database access |
| CVE-2006-2900 | 2 Canon, Microsoft | 2 Network Camera Server Vb101, Ie | 2025-04-03 | 4.0 MEDIUM | N/A | Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. |
| CVE-2003-1469 | 2 Macromedia, Microsoft | 5 Coldfusion, Coldfusion Professional, Windows 2000 and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A | The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message. |
| CVE-2003-1550 | 1 Xoops | 1 Xoops | 2025-04-03 | 5.0 MEDIUM | N/A | XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message. |
| CVE-2003-1486 | 1 Phorum | 1 Phorum | 2025-04-03 | 5.0 MEDIUM | N/A | Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message. |
| CVE-2006-4223 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 5.0 MEDIUM | N/A | IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137. |
| CVE-1999-0605 | 1 Austin Contract Computing | 1 Merchant Order Form | 2025-04-03 | 5.0 MEDIUM | N/A | An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information. |
| CVE-2002-2380 | 2 Arescom, Microsoft | 2 Netdsl, Network Firmware | 2025-04-03 | 6.4 MEDIUM | N/A | NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic. |
| CVE-2005-4368 | 1 Roundcube | 1 Webmail | 2025-04-03 | 5.0 MEDIUM | N/A | roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message. |
| CVE-1999-0877 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 4.3 MEDIUM | N/A | Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME. |
| CVE-2006-2384 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 4.3 MEDIUM | N/A | Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability." |
| CVE-2002-1718 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains .. (dot dot) sequences. |
| CVE-2006-0707 | 1 Pyblosxom | 1 Pyblosxom | 2025-04-03 | 5.0 MEDIUM | N/A | PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable. |
| CVE-2006-0103 | 1 Ralph Capper | 1 Tinyphpforum | 2025-04-03 | 5.0 MEDIUM | N/A | TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information. |
| CVE-2003-1366 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 3.3 LOW | N/A | chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information. |
| CVE-2003-1481 | 1 Stalker | 1 Communigate Pro | 2025-04-03 | 5.8 MEDIUM | N/A | CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer. |
| CVE-1999-1462 | 1 Bb4 | 1 Big Brother | 2025-04-03 | 5.0 MEDIUM | N/A | Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b and 1.09c allows remote attackers to read portions of arbitrary files. |
| CVE-2002-2369 | 1 Perception | 1 Liteserve | 2025-04-03 | 5.0 MEDIUM | N/A | Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL. |
| CVE-2005-4875 | 1 Typo3 | 1 Typo3 | 2025-04-03 | 7.5 HIGH | N/A | TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables. |
| CVE-1999-0524 | 11 Apple, Cisco, Hp and 8 more | 14 Mac Os X, Macos, Ios and 11 more | 2025-04-03 | 2.1 LOW | N/A | ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. |
| CVE-2004-2748 | 1 Webtrends | 1 Reporting Center | 2025-04-03 | 4.3 MEDIUM | N/A | viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message. |
| CVE-2002-0596 | 1 Webtrends | 1 Reporting Center | 2025-04-03 | 5.0 MEDIUM | N/A | WebTrends Reporting Center 4.0d allows remote attackers to determine the real path of the web server via a GET request to get_od_toc.pl with an empty Profile parameter, which leaks the pathname in an error message. |
| CVE-2006-4537 | 1 Dec | 1 Dec Openvms Alpha | 2025-04-03 | 2.1 LOW | N/A | NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alpha 8.2 writes a password to an audit log file when there is a successful connection after a "network breakin" event, which allows local users to obtain passwords by reading the file. |
| CVE-2003-1553 | 1 Sips | 1 Sips | 2025-04-03 | 4.3 MEDIUM | N/A | Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory. |
| CVE-2002-2410 | 1 Open Webmail | 1 Open Webmail | 2025-04-03 | 5.0 MEDIUM | N/A | openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information. |
| CVE-1999-0348 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A | IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. |