Vulnerabilities (CVE)

Filtered by CWE-200
Total 7404 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-6702 1 Goahead Software 2 Fs4104-aw Device, Goahead Webserver 2024-02-28 5.0 MEDIUM N/A
goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than CVE-2002-1603.
CVE-2007-6408 1 Ibm 1 Tivoli Provisioning Manager Express 2024-02-28 5.0 MEDIUM N/A
IBM Tivoli Provisioning Manager Express provides unspecified information in error messages when (1) attempted duplication of a username occurs when creating an account or (2) when trying to login using a valid username, which makes it easier for remote attackers to enumerate usernames.
CVE-2007-5404 1 Layton Technology 1 Helpbox 2024-02-28 5.0 MEDIUM N/A
Layton HelpBox 3.7.1 generates different responses depending on whether or not a username is valid in a failed login attempt, which allows remote attackers to enumerate valid usernames.
CVE-2008-0195 1 Wordpress 1 Wordpress 2024-02-28 5.0 MEDIUM N/A
WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages.
CVE-2007-0058 1 Cisco 1 Network Admission Control Manager And Server System Software 2024-02-28 7.8 HIGH N/A
Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file.
CVE-2006-6886 1 Phpwcms 1 Phpwcms 2024-02-28 5.0 MEDIUM N/A
phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages.
CVE-2007-1167 1 Dzcp 1 Dev\!l\'z Clanportal 2024-02-28 5.0 MEDIUM N/A
inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter.
CVE-2008-0589 1 Ibm 1 Aix 2024-02-28 4.9 MEDIUM N/A
The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows local users to obtain sensitive information via unspecified vectors.
CVE-2007-6193 1 Citrix 1 Netscaler 2024-02-28 5.0 MEDIUM N/A
The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface.
CVE-2007-0042 1 Microsoft 5 .net Framework, Windows 2000, Windows 2003 Server and 2 more 2024-02-28 7.8 HIGH N/A
Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
CVE-2007-2353 1 Apache 1 Axis 2024-02-28 5.0 MEDIUM N/A
Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
CVE-2007-2379 2 Jquery, Netapp 2 Jquery, Snapcenter 2024-02-28 5.0 MEDIUM N/A
The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
CVE-2007-2402 1 Apple 1 Quicktime 2024-02-28 4.3 MEDIUM N/A
QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets.
CVE-2007-5379 1 David Hansson 1 Ruby On Rails 2024-02-28 5.0 MEDIUM N/A
Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file.
CVE-2007-1564 1 Kde 1 Konqueror 2024-02-28 6.8 MEDIUM N/A
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
CVE-2007-5011 1 Wilson Windowware 1 Webbatch 2024-02-28 5.0 MEDIUM N/A
webbatch.exe in WebBatch allows remote attackers to obtain sensitive information via the dumpinputdata parameter.
CVE-2007-3385 1 Apache 1 Tomcat 2024-02-28 4.3 MEDIUM N/A
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
CVE-2008-0041 1 Apple 1 Mac Os X 2024-02-28 5.0 MEDIUM N/A
Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls.
CVE-2007-5555 1 Symantec 1 Altiris Deployment Solution 2024-02-28 6.9 MEDIUM N/A
Unspecified vulnerability in Symantec Altiris Deployment Solution allows attackers to obtain authentication credentials via unknown vectors, aka "Authentication Credentials Information Leakage in Altiris Deployment Solution." NOTE: this description is based on a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2007-2253 1 Exponent 1 Exponent Cms 2024-02-28 5.0 MEDIUM N/A
Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php.