Vulnerabilities (CVE)

Filtered by CWE-200
Total 7405 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-4180 1 Nooms 1 Nooms 2024-02-28 5.0 MEDIUM N/A
Unspecified vulnerability in db.php in NooMS 1.1 allows remote attackers to conduct brute force attacks against passwords via a username in the g_dbuser parameter and a password in the g_dbpwd parameter, and possibly a "localhost" g_dbhost parameter value, related to a "Mysql Remote Brute Force Vulnerability."
CVE-2008-2329 1 Apple 2 Mac Os X, Mac Os X Server 2024-02-28 1.9 LOW N/A
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.
CVE-2009-3628 1 Typo3 1 Typo3 2024-02-28 4.0 MEDIUM N/A
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element.
CVE-2008-3339 1 Avidweb Technologies 1 Jobbex Jobsite 2024-02-28 6.8 MEDIUM N/A
search_result.cfm in Jobbex JobSite allows remote attackers to obtain sensitive information via unspecified vectors that reveal the installation path in an error message.
CVE-2009-2130 1 Elvinbts 1 Elvinbts 2024-02-28 5.0 MEDIUM N/A
Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) login.ei, (2) jump_bug.ei, or (3) create_account.ei in inc/ via a direct request.
CVE-2009-3883 1 Sun 3 Jdk, Jre, Openjdk 2024-02-28 7.5 HIGH N/A
Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657138.
CVE-2008-5849 1 Checkpoint 1 Vpn-1 2024-02-28 5.0 MEDIUM N/A
Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (aka ICMP time exceeded in-transit) response containing an encapsulated IP packet with an intranet address, as demonstrated by a TCP packet to the firewall management server on port 18264.
CVE-2008-4560 1 Hp 1 Openview Network Node Manager 2024-02-28 7.8 HIGH N/A
HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to obtain sensitive information via (1) a crafted request to the nnmRptConfig.exe CGI program, which reveals the pathname of log directories; or (2) a crafted parameter in a request to the ovlaunch.exe CGI program, which reveals configuration details. NOTE: this issue may be partially covered by CVE-2009-0205.
CVE-2008-3168 1 Empire Server 1 Empire Server 2024-02-28 5.0 MEDIUM N/A
The files utility in Empire Server before 4.3.15 discloses the world creation time, which makes it easier for attackers to determine the PRNG seed.
CVE-2008-1290 3 Gentoo, Redhat, Viewvc 3 Linux, Fedora, Viewvc 2024-02-28 4.3 MEDIUM N/A
ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.
CVE-2008-5423 3 Novell, Redhat, Sun 6 Suse Linux Enterprise Server, Enterprise Linux, Java Desktop System and 3 more 2024-02-28 4.3 MEDIUM N/A
Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector.
CVE-2008-0996 1 Apple 2 Mac Os X, Mac Os X Server 2024-02-28 1.7 LOW N/A
The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.
CVE-2008-3171 1 Apple 1 Safari 2024-02-28 5.0 MEDIUM N/A
Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
CVE-2009-1556 1 Cisco 1 Wvc54gca 2024-02-28 3.5 LOW N/A
img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the next_file parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerability than CVE-2004-2507.
CVE-2008-5420 1 Emc 1 Control Center 2024-02-28 7.8 HIGH N/A
The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files.
CVE-2009-0852 1 Stewart Howe 1 Celerbb 2024-02-28 5.0 MEDIUM N/A
showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter.
CVE-2008-2018 1 Phpizabi 1 Phpizabi 2024-02-28 4.0 MEDIUM N/A
The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a "{user.password}" comment in the profile of the admin user.
CVE-2008-3114 1 Sun 3 Jdk, Jre, Sdk 2024-02-28 5.0 MEDIUM N/A
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074.
CVE-2009-2332 1 Cms.tut.su 1 Cms Chainuk 2024-02-28 5.0 MEDIUM N/A
CMS Chainuk 1.2 and earlier allows remote attackers to obtain sensitive information via (1) a crafted id parameter to index.php or (2) a nonexistent folder name in the id parameter to admin/admin_delete.php, which reveals the installation path in an error message.
CVE-2008-2715 1 Opera 1 Opera Browser 2024-02-28 5.0 MEDIUM N/A
Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns.