Vulnerabilities (CVE)

Filtered by CWE-200
Total 7404 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-1135 1 Omegasoft 1 Interneserviceslosungen 2024-02-28 5.0 MEDIUM N/A
OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 generates different responses depending on whether or not a username is valid in a failed login attempt, which allows remote attackers to enumerate valid usernames.
CVE-2007-6161 1 Tilde 1 Tilde Cms 2024-02-28 5.0 MEDIUM N/A
index.php in Tilde CMS 4.x and earlier allows remote attackers to obtain sensitive information via a certain search parameter value in a search action, which reveals the path.
CVE-2007-3850 2 Apple, Linux 2 Powerpc, Linux Kernel 2024-02-28 1.9 LOW N/A
The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on PowerPC, does not properly map userspace resources, which allows local users to read portions of physical address space.
CVE-2007-4991 1 Microsoft 1 Isa Server 2024-02-28 5.0 MEDIUM N/A
The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.
CVE-2007-3074 1 Mozilla 1 Firefox 2024-02-28 4.3 MEDIUM N/A
Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read files in the local Firefox installation directory via a resource:// URI.
CVE-2007-6607 1 Openbiblio 1 Openbiblio 2024-02-28 5.0 MEDIUM N/A
OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) shared/footer.php, (2) circ/mbr_fields.php, or (3) admin/custom_marc_form_fields.php, which reveals the path in various error messages.
CVE-2006-5725 1 Aep Networks 1 Smartgate Ssl Server 2024-02-28 5.0 MEDIUM N/A
The SSL server in AEP Smartgate 4.3b allows remote attackers to determine existence of directories via a direct request for a directory URI, which returns different HTTP status codes for existing and non-existing directories.
CVE-2007-5899 1 Php 1 Php 2024-02-28 4.3 MEDIUM N/A
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.
CVE-2007-5550 1 Cisco 1 Ios 2024-02-28 5.0 MEDIUM N/A
Unspecified vulnerability in Cisco IOS allows remote attackers to obtain the IOS version via unspecified vectors involving a "common network service", aka PSIRT-1255024833. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2008-1252 1 Deutsche Telekom 1 Speedport W500 Dsl Router 2024-02-28 10.0 HIGH N/A
b_banner.stm (aka the login page) on the Deutsche Telekom Speedport W500 DSL router allows remote attackers to obtain the logon password by reading the pwd field in the HTML source.
CVE-2006-6637 1 Ibm 1 Websphere Application Server 2024-02-28 5.0 MEDIUM N/A
The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests."
CVE-2006-6998 1 Headstart Solutions 1 Deskpro 2024-02-28 5.0 MEDIUM N/A
install/loader_help.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERY_STRING, which calls the phpinfo function.
CVE-2007-3656 1 Mozilla 1 Firefox 2024-02-28 6.8 MEDIUM N/A
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.
CVE-2007-5022 1 Ibm 1 Tivoli Storage Manager Client 2024-02-28 5.0 MEDIUM N/A
Unspecified vulnerability in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2, when using "server-initiated prompted scheduling," allows remote attackers to read a client's data, aka IC53616.
CVE-2006-6735 1 Obie Website 1 Mini Web Shop 2024-02-28 5.0 MEDIUM N/A
modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to obtain sensitive information via a request with an arbitrary catname parameter but no itemsdb parameter, which reveals the path in an error message. NOTE: CVE analysis suggests that this error might be resultant from a more serious issue such as directory traversal.
CVE-2008-0904 1 Bea Systems 2 Aqualogic Interaction, Plumtree Collaboration 2024-02-28 7.8 HIGH N/A
Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL.
CVE-2007-6249 1 Gentoo 2 Linux, Portage 2024-02-28 2.1 LOW N/A
etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.
CVE-2006-6457 1 Tiki 1 Tikiwiki Cms\/groupware 2024-02-28 5.0 MEDIUM N/A
tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message.
CVE-2007-5439 1 Broadcom 1 Etrust Integrated Threat Management 2024-02-28 5.0 MEDIUM N/A
CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 stores sensitive user information in log files with predictable names, which allows remote attackers to obtain this information via unspecified vectors.
CVE-2008-0863 1 Bea 1 Weblogic Server 2024-02-28 5.0 MEDIUM N/A
BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks.