Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2346 | 1 Phpbb | 1 Phpbb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses.
|
|||||
| CVE-2002-2289 | 1 Working Resources Inc. | 1 Badblue | 2025-04-03 | 5.0 MEDIUM | N/A |
|
soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords.
|
|||||
| CVE-2006-2356 | 1 Ipswitch | 1 Whatsup Professional | 2025-04-03 | 5.0 MEDIUM | N/A |
|
NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter.
|
|||||
| CVE-2006-1367 | 1 Motorola | 2 Pebl U6, V600 | 2025-04-03 | 6.8 MEDIUM | N/A |
|
The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the Motorola E398 and other Motorola P2K-based phones does not require pairing for a connection related to the Headset Audio Gateway service, which allows user-assisted remote attackers to obtain AT level access and view phonebook entries and saved SMS messages by connecting on Bluetooth channel 3 and tricking the user into pressing Grant, aka a "Blueline" attack. NOTE: while user-assisted, the attack is made more feasible because ...
Show More |
|||||
| CVE-2006-4006 | 1 Bomberclone | 1 Bomberclone | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory.
|
|||||
| CVE-2005-3088 | 1 Fetchmail | 1 Fetchmail | 2025-04-03 | 2.1 LOW | N/A |
|
fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.
|
|||||
| CVE-2006-4136 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others.
|
|||||
| CVE-2000-0588 | 1 Sawmill | 1 Sawmill | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration commands.
|
|||||
| CVE-2006-2950 | 1 Npds | 1 Npds | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) header.php, (2) contact.php, or (3) forum_extender.php, which reveals the path in an error message.
|
|||||
| CVE-1999-0453 | 1 Cisco | 1 Router | 2025-04-03 | 5.0 MEDIUM | N/A |
|
An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP).
|
|||||
| CVE-2002-2409 | 1 Qnx | 2 Neutrino Rtos, Photon Microgui | 2025-04-03 | 3.5 LOW | N/A |
|
Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID.
|
|||||
| CVE-2002-2349 | 1 Phpbb | 1 Phpbbmod | 2025-04-03 | 5.0 MEDIUM | N/A |
|
phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information.
|
|||||
| CVE-2003-1517 | 1 Dansie | 1 Shopping Cart | 2025-04-03 | 5.0 MEDIUM | N/A |
|
cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message.
|
|||||
| CVE-2003-0456 | 1 Deerfield | 1 Visnetic Website | 2025-04-03 | 5.0 MEDIUM | N/A |
|
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.
|
|||||
| CVE-1999-1136 | 1 Hp | 2 Hp-ux, Mpe Ix | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems.
|
|||||
| CVE-2002-2288 | 1 Mambo | 1 Site Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message.
|
|||||
| CVE-2006-2111 | 1 Microsoft | 1 Outlook Express | 2025-04-03 | 4.3 MEDIUM | N/A |
|
A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability."
|
|||||
| CVE-2005-3498 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information.
|
|||||
| CVE-2006-0353 | 1 Gnu | 1 Lsh | 2025-04-03 | 3.6 LOW | N/A |
|
unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys.
|
|||||
| CVE-2002-0422 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | 2.6 LOW | N/A |
|
IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.
|
|||||
| CVE-2005-3164 | 2 Apache, Hitachi | 2 Tomcat, Cosminexus Application Server | 2025-04-03 | 2.6 LOW | N/A |
|
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
|
|||||
| CVE-2003-1408 | 1 Lotus | 1 Domino Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot.
|
|||||
| CVE-2005-3645 | 2 Phpadsnew, Phppgads | 2 Phpadsnew, Phppgads | 2025-04-03 | 5.0 MEDIUM | N/A |
|
phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php.
|
|||||
| CVE-2003-1560 | 1 Netscape | 1 Navigator | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
|
|||||
| CVE-2005-4849 | 1 Apache | 1 Derby | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
|
|||||
| CVE-1999-0059 | 1 Sgi | 1 Irix | 2025-04-03 | 7.1 HIGH | 7.3 HIGH |
|
IRIX fam service allows an attacker to obtain a list of all files on the server.
|
|||||
| CVE-1999-0372 | 1 Microsoft | 3 Backoffice, Windows 2000, Windows Nt | 2025-04-03 | 2.1 LOW | N/A |
|
The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.
|
|||||
| CVE-2002-2342 | 1 Joe Depasquale | 1 Bannermatic | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.dat and (4) banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files.
|
|||||
| CVE-2006-2535 | 1 Greg Donald | 1 Destiney Links Script | 2025-04-03 | 5.0 MEDIUM | N/A |
|
index.php in Destiney Links Script 2.1.2 allows remote attackers to obtain the installation path via an invalid show parameter referencing a non-existent file, which reveals the path in the resulting error message. NOTE: this issue might be resultant from a more serious issue such as directory traversal.
|
|||||
| CVE-2006-3365 | 1 V3 Chat | 1 V3 Chat | 2025-04-03 | 2.6 LOW | N/A |
|
V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement.
|
|||||
| CVE-2005-1028 | 1 Phpnuke | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message.
|
|||||
| CVE-2025-25975 | 1 Jonschlinkert | 1 Parse-git-config | 2025-04-02 | N/A | 7.5 HIGH |
|
An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function
|
|||||
| CVE-2022-4054 | 1 Gitlab | 1 Gitlab | 2025-04-02 | N/A | 5.5 MEDIUM |
|
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an endpoint that allows them to capture request headers.
|
|||||
| CVE-2022-43959 | 1 Bitrix24 | 1 Bitrix24 | 2025-04-02 | N/A | 4.9 MEDIUM |
|
Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php.
|
|||||
| CVE-2021-47403 | 1 Linux | 1 Linux Kernel | 2025-04-02 | N/A | 7.1 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
ipack: ipoctal: fix module reference leak
A reference to the carrier module was taken on every open but was only
released once when the final reference to the tty struct was dropped.
Fix this by taking the module reference and initialising the tty driver
data when installing the tty.
|
|||||
| CVE-2025-2840 | 2025-04-01 | N/A | 5.3 MEDIUM | ||
|
The DAP to Autoresponders Email Syncing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file.
|
|||||
| CVE-2024-13567 | 2025-04-01 | N/A | 7.5 HIGH | ||
|
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.3.1 via the 'awesome-support' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/awesome-support directory which can contain file attachments included in support tickets. The vulnerability was partially patched in version 6.3.1.
|
|||||
| CVE-2024-36955 | 1 Linux | 1 Linux Kernel | 2025-04-01 | N/A | 7.7 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node()
The documentation for device_get_named_child_node() mentions this
important point:
"
The caller is responsible for calling fwnode_handle_put() on the
returned fwnode pointer.
"
Add fwnode_handle_put() to avoid a leaked reference.
|
|||||
| CVE-2024-36910 | 1 Linux | 1 Linux Kernel | 2025-04-01 | N/A | 6.2 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
uio_hv_generic: Don't free decrypted memory
In CoCo VMs it is possible for the untrusted host to cause
set_memory_encrypted() or set_memory_decrypted() to fail such that an
error is returned and the resulting memory is shared. Callers need to
take care to handle these errors to avoid returning decrypted (shared)
memory to the page allocator, which could lead to functional or security
issues.
The VMBus device UIO driver could ...
Show More |
|||||
| CVE-2025-26001 | 1 Telesquare | 2 Tlr-2005ksh, Tlr-2005ksh Firmware | 2025-04-01 | N/A | 7.5 HIGH |
|
Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter getUserNamePassword.
|
|||||