Total
7424 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-1408 | 1 Lotus | 1 Domino Server | 2024-11-20 | 5.0 MEDIUM | N/A |
Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot. | |||||
CVE-2003-1404 | 1 Dotbr | 1 Botbr | 2024-11-20 | 7.5 HIGH | N/A |
DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords. | |||||
CVE-2003-1398 | 1 Cisco | 1 Ios | 2024-11-20 | 9.3 HIGH | N/A |
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification). | |||||
CVE-2003-1379 | 1 Point Clark Networks | 1 Clarkconnect | 2024-11-20 | 5.0 MEDIUM | N/A |
clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obtain sensitive information about the server via the characters (1) A, which reveals the date and time, (2) F, (3) M, which reveals 'ifconfig' information, (4) P, which lists the processes, (5) Y, which reveals the snort log files, or (6) b, which reveals /var/log/messages. | |||||
CVE-2003-1366 | 1 Openbsd | 1 Openbsd | 2024-11-20 | 3.3 LOW | N/A |
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information. | |||||
CVE-2003-0904 | 1 Microsoft | 3 Exchange Server, Sharepoint Services, Windows Server 2003 | 2024-11-20 | 6.0 MEDIUM | N/A |
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed. | |||||
CVE-2003-0456 | 1 Deerfield | 1 Visnetic Website | 2024-11-20 | 5.0 MEDIUM | N/A |
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe. | |||||
CVE-2003-0001 | 4 Freebsd, Linux, Microsoft and 1 more | 5 Freebsd, Linux Kernel, Windows 2000 and 2 more | 2024-11-20 | 5.0 MEDIUM | N/A |
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. | |||||
CVE-2002-2436 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-11-20 | 4.3 MEDIUM | N/A |
The Cascading Style Sheets (CSS) implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264. | |||||
CVE-2002-2435 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-20 | 4.3 MEDIUM | N/A |
The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264. | |||||
CVE-2002-2410 | 1 Open Webmail | 1 Open Webmail | 2024-11-20 | 5.0 MEDIUM | N/A |
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information. | |||||
CVE-2002-2409 | 1 Qnx | 2 Neutrino Rtos, Photon Microgui | 2024-11-20 | 3.5 LOW | N/A |
Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID. | |||||
CVE-2002-2380 | 2 Arescom, Microsoft | 2 Netdsl, Network Firmware | 2024-11-20 | 6.4 MEDIUM | N/A |
NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic. | |||||
CVE-2002-2369 | 1 Perception | 1 Liteserve | 2024-11-20 | 5.0 MEDIUM | N/A |
Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL. | |||||
CVE-2002-2349 | 1 Phpbb | 1 Phpbbmod | 2024-11-20 | 5.0 MEDIUM | N/A |
phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information. | |||||
CVE-2002-2346 | 1 Phpbb | 1 Phpbb | 2024-11-20 | 5.0 MEDIUM | N/A |
phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses. | |||||
CVE-2002-2342 | 1 Joe Depasquale | 1 Bannermatic | 2024-11-20 | 5.0 MEDIUM | N/A |
Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.dat and (4) banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files. | |||||
CVE-2002-2317 | 1 Symantec | 1 Velociraptor | 2024-11-20 | 7.8 HIGH | N/A |
Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method. | |||||
CVE-2002-2289 | 1 Working Resources Inc. | 1 Badblue | 2024-11-20 | 5.0 MEDIUM | N/A |
soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords. | |||||
CVE-2002-2288 | 1 Mambo | 1 Site Server | 2024-11-20 | 5.0 MEDIUM | N/A |
Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message. |