Total
8209 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3088 | 1 Fetchmail | 1 Fetchmail | 2025-04-03 | 2.1 LOW | N/A |
| fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords. | |||||
| CVE-2003-1535 | 1 Justice Media | 1 Guestbook | 2025-04-03 | 5.0 MEDIUM | N/A |
| Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message. | |||||
| CVE-2005-3164 | 2 Apache, Hitachi | 2 Tomcat, Cosminexus Application Server | 2025-04-03 | 2.6 LOW | N/A |
| The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages. | |||||
| CVE-2005-4320 | 1 Limbo Cms | 1 Limbo Cms | 2025-04-03 | 5.0 MEDIUM | N/A |
| Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the installation path of the application via a direct request to (1) doc.inc.php, (2) element.inc.php, and (3) node.inc.php, which leaks the path in an error message. | |||||
| CVE-2000-0649 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 2.6 LOW | N/A |
| IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined. | |||||
| CVE-2005-4849 | 1 Apache | 1 Derby | 2025-04-03 | 5.0 MEDIUM | N/A |
| Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information. | |||||
| CVE-2006-2111 | 1 Microsoft | 1 Outlook Express | 2025-04-03 | 4.3 MEDIUM | N/A |
| A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability." | |||||
| CVE-2003-1540 | 1 Wfchat | 1 Wfchat | 2025-04-03 | 5.0 MEDIUM | N/A |
| WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to (1) !pwds.txt and (2) !nicks.txt. | |||||
| CVE-2003-1408 | 1 Lotus | 1 Domino Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot. | |||||
| CVE-2002-2276 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-03 | 5.0 MEDIUM | N/A |
| Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message. | |||||
| CVE-2006-0707 | 1 Pyblosxom | 1 Pyblosxom | 2025-04-03 | 5.0 MEDIUM | N/A |
| PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable. | |||||
| CVE-2002-2317 | 1 Symantec | 1 Velociraptor | 2025-04-03 | 7.8 HIGH | N/A |
| Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method. | |||||
| CVE-2002-0812 | 2 Hpe, Proxim | 6 Compaq Wl310, Compaq Wl310 Firmware, Orinoco Rg-1000 and 3 more | 2025-04-03 | 6.4 MEDIUM | N/A |
| Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string. | |||||
| CVE-1999-0605 | 1 Austin Contract Computing | 1 Merchant Order Form | 2025-04-03 | 5.0 MEDIUM | N/A |
| An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information. | |||||
| CVE-2006-2950 | 1 Npds | 1 Npds | 2025-04-03 | 5.0 MEDIUM | N/A |
| Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) header.php, (2) contact.php, or (3) forum_extender.php, which reveals the path in an error message. | |||||
| CVE-2005-4368 | 1 Roundcube | 1 Webmail | 2025-04-03 | 5.0 MEDIUM | N/A |
| roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message. | |||||
| CVE-1999-0877 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 4.3 MEDIUM | N/A |
| Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME. | |||||
| CVE-2003-0001 | 4 Freebsd, Linux, Microsoft and 1 more | 5 Freebsd, Linux Kernel, Windows 2000 and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. | |||||
| CVE-2002-2288 | 1 Mambo | 1 Site Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message. | |||||
| CVE-2005-3498 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information. | |||||