Vulnerabilities (CVE)

Filtered by CWE-200
Total 7405 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-0815 1 Typo3 1 Typo3 2024-02-28 5.0 MEDIUM N/A
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.
CVE-2008-3400 1 Xrms 1 Xrms Crm 2024-02-28 4.3 MEDIUM N/A
XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function.
CVE-2009-2134 1 Pivot 1 Pivot 2024-02-28 5.0 MEDIUM N/A
pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obtain sensitive information via an invalid url parameter, which reveals the installation path in an error message.
CVE-2008-1330 1 Novell 1 Groupwise 2024-02-28 3.5 LOW N/A
Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker.
CVE-2008-6561 2 Citrix, Microsoft 2 Presentation Server Client, Windows 2024-02-28 1.9 LOW N/A
Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges.
CVE-2008-3458 1 Vtiger 1 Vtiger Crm 2024-02-28 5.0 MEDIUM N/A
Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory.
CVE-2008-2101 1 Vmware 1 Esx 2024-02-28 2.1 LOW N/A
The VMware Consolidated Backup (VCB) command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command line, which allows local users to obtain sensitive information by listing the process.
CVE-2008-3060 1 V-webmail 1 V-webmail 2024-02-28 5.0 MEDIUM N/A
V-webmail 1.5.0 allows remote attackers to obtain sensitive information via (1) malformed input in the login page (includes/local.hooks.php) and (2) an invalid session ID, which reveals the installation path in an error message.
CVE-2008-4199 1 Opera 1 Opera Browser 2024-02-28 5.0 MEDIUM N/A
Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation."
CVE-2009-3612 5 Canonical, Fedoraproject, Linux and 2 more 7 Ubuntu Linux, Fedora, Linux Kernel and 4 more 2024-02-28 2.1 LOW N/A
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.
CVE-2008-4747 1 Sun 2 Java Access Manager, Java System Ldap Jdk 2024-02-28 2.1 LOW N/A
Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library.
CVE-2009-0628 1 Cisco 1 Cisco Ios 2024-02-28 9.0 HIGH N/A
Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block (TCB) leak.
CVE-2009-3646 1 Intervations 1 Navicopa Web Server 2024-02-28 5.0 MEDIUM N/A
InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.
CVE-2009-1835 1 Mozilla 2 Firefox, Seamonkey 2024-02-28 4.3 MEDIUM N/A
Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning.
CVE-2008-5112 1 Microsoft 2 Windows, Windows 2000 2024-02-28 5.0 MEDIUM N/A
The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
CVE-2008-0082 1 Microsoft 1 Windows Messenger 2024-02-28 10.0 HIGH N/A
An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors.
CVE-2009-1900 1 Ibm 1 Websphere Application Server 2024-02-28 5.0 MEDIUM N/A
The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5, when tracing is enabled, allow remote attackers to obtain sensitive information via unspecified use of the wsadmin scripting tool.
CVE-2009-0278 1 Sun 1 Java System Application Server 2024-02-28 5.0 MEDIUM N/A
Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request.
CVE-2008-3141 1 Wireshark 1 Wireshark 2024-02-28 4.9 MEDIUM N/A
Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors.
CVE-2008-3304 1 Tuxplanet 1 Bilboblog 2024-02-28 5.0 MEDIUM N/A
BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message.