Vulnerabilities (CVE)

Filtered by CWE-200
Total 7424 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-1408 1 Lotus 1 Domino Server 2024-11-20 5.0 MEDIUM N/A
Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot.
CVE-2003-1404 1 Dotbr 1 Botbr 2024-11-20 7.5 HIGH N/A
DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords.
CVE-2003-1398 1 Cisco 1 Ios 2024-11-20 9.3 HIGH N/A
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).
CVE-2003-1379 1 Point Clark Networks 1 Clarkconnect 2024-11-20 5.0 MEDIUM N/A
clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obtain sensitive information about the server via the characters (1) A, which reveals the date and time, (2) F, (3) M, which reveals 'ifconfig' information, (4) P, which lists the processes, (5) Y, which reveals the snort log files, or (6) b, which reveals /var/log/messages.
CVE-2003-1366 1 Openbsd 1 Openbsd 2024-11-20 3.3 LOW N/A
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information.
CVE-2003-0904 1 Microsoft 3 Exchange Server, Sharepoint Services, Windows Server 2003 2024-11-20 6.0 MEDIUM N/A
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
CVE-2003-0456 1 Deerfield 1 Visnetic Website 2024-11-20 5.0 MEDIUM N/A
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.
CVE-2003-0001 4 Freebsd, Linux, Microsoft and 1 more 5 Freebsd, Linux Kernel, Windows 2000 and 2 more 2024-11-20 5.0 MEDIUM N/A
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
CVE-2002-2436 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2024-11-20 4.3 MEDIUM N/A
The Cascading Style Sheets (CSS) implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
CVE-2002-2435 1 Microsoft 2 Ie, Internet Explorer 2024-11-20 4.3 MEDIUM N/A
The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
CVE-2002-2410 1 Open Webmail 1 Open Webmail 2024-11-20 5.0 MEDIUM N/A
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information.
CVE-2002-2409 1 Qnx 2 Neutrino Rtos, Photon Microgui 2024-11-20 3.5 LOW N/A
Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID.
CVE-2002-2380 2 Arescom, Microsoft 2 Netdsl, Network Firmware 2024-11-20 6.4 MEDIUM N/A
NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic.
CVE-2002-2369 1 Perception 1 Liteserve 2024-11-20 5.0 MEDIUM N/A
Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL.
CVE-2002-2349 1 Phpbb 1 Phpbbmod 2024-11-20 5.0 MEDIUM N/A
phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information.
CVE-2002-2346 1 Phpbb 1 Phpbb 2024-11-20 5.0 MEDIUM N/A
phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses.
CVE-2002-2342 1 Joe Depasquale 1 Bannermatic 2024-11-20 5.0 MEDIUM N/A
Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.dat and (4) banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files.
CVE-2002-2317 1 Symantec 1 Velociraptor 2024-11-20 7.8 HIGH N/A
Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method.
CVE-2002-2289 1 Working Resources Inc. 1 Badblue 2024-11-20 5.0 MEDIUM N/A
soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords.
CVE-2002-2288 1 Mambo 1 Site Server 2024-11-20 5.0 MEDIUM N/A
Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message.