Vulnerabilities (CVE)

Filtered by CWE-200
Total 7426 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-3008 1 Mbedthis Software 1 Mbedthis Appweb Http Server 2024-11-21 4.3 MEDIUM N/A
Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398.
CVE-2007-2780 1 Psychostats 1 Psychostats 2024-11-21 5.0 MEDIUM N/A
PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensitive information via a request for server.php with a missing or invalid newtheme parameter, which reveals a path in an error message.
CVE-2007-2768 2 Netapp, Openbsd 5 Hci Management Node, Hci Storage Node, Solidfire and 2 more 2024-11-21 4.3 MEDIUM N/A
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
CVE-2007-2748 1 Php 1 Php 2024-11-21 4.3 MEDIUM N/A
The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.
CVE-2007-2590 1 Nokia 3 Groupwise Mobile Server, Intellisync Mobile Suite, Intellisync Wireless Email Express 2024-11-21 6.4 MEDIUM N/A
Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp.
CVE-2007-2552 1 Wikkawiki 1 Wikkawiki 2024-11-21 5.0 MEDIUM N/A
The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds.
CVE-2007-2479 1 Cerulean Studios 1 Trillian 2024-11-21 7.1 HIGH 5.9 MEDIUM
Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker.
CVE-2007-2402 1 Apple 1 Quicktime 2024-11-21 4.3 MEDIUM N/A
QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets.
CVE-2007-2379 2 Jquery, Netapp 2 Jquery, Snapcenter 2024-11-21 5.0 MEDIUM N/A
The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
CVE-2007-2353 1 Apache 1 Axis 2024-11-21 5.0 MEDIUM N/A
Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
CVE-2007-2253 1 Exponent 1 Exponent Cms 2024-11-21 5.0 MEDIUM N/A
Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php.
CVE-2007-2022 2 Adobe, Opera 2 Flash Player, Opera Browser 2024-11-21 6.8 MEDIUM N/A
Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.
CVE-2007-1564 1 Kde 1 Konqueror 2024-11-21 6.8 MEDIUM N/A
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
CVE-2007-1563 1 Opera 1 Opera Browser 2024-11-21 6.8 MEDIUM N/A
The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
CVE-2007-1562 2 Canonical, Mozilla 2 Ubuntu Linux, Firefox 2024-11-21 6.8 MEDIUM N/A
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
CVE-2007-1237 1 Bj Sintay 1 Sitex 2024-11-21 5.0 MEDIUM N/A
sitex allows remote attackers to obtain potentially sensitive information via a ' (quote) value for certain parameters, as demonstrated by parameters used in forum and search, which forces a SQL error.
CVE-2007-1194 1 Norman 1 Norman Sandbox Analyzer 2024-11-21 2.1 LOW N/A
Norman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows attackers to produce malware that is more difficult to analyze.
CVE-2007-1167 1 Dzcp 1 Dev\!l\'z Clanportal 2024-11-21 5.0 MEDIUM N/A
inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter.
CVE-2007-1116 1 Mozilla 1 Firefox 2024-11-21 5.0 MEDIUM N/A
The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI as a ChromeProtocol and can be loaded via JavaScript, which allows remote attackers to obtain sensitive information by querying the browser's session history.
CVE-2007-1044 1 Pearson Education 1 Powerschool 2024-11-21 5.0 MEDIUM N/A
Pearson Education PowerSchool 4.3.6 allows remote attackers to list the contents of the admin folder via a URI composed of the admin/ directory name and an arbitrary filename ending in ".js." NOTE: it was later reported that this issue had been addressed by 5.1.2.