Total
7313 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-0132 | 1 Microsoft | 1 Virtual Machine | 2024-02-28 | 2.6 LOW | N/A |
Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function. | |||||
CVE-2003-1404 | 1 Dotbr | 1 Botbr | 2024-02-28 | 7.5 HIGH | N/A |
DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords. | |||||
CVE-1999-0236 | 2 Apache, Illinois | 2 Http Server, Ncsa Httpd | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. | |||||
CVE-1999-0372 | 1 Microsoft | 3 Backoffice, Windows 2000, Windows Nt | 2024-02-28 | 2.1 LOW | N/A |
The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted. | |||||
CVE-1999-0605 | 1 Austin Contract Computing | 1 Merchant Order Form | 2024-02-28 | 5.0 MEDIUM | N/A |
An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information. | |||||
CVE-2002-1432 | 1 Coxco Support | 7 A-cart, Metacart, Midicart Asp and 4 more | 2024-02-28 | 5.0 MEDIUM | N/A |
MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database. | |||||
CVE-2002-1717 | 1 Microsoft | 1 Internet Information Services | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf. | |||||
CVE-2003-0001 | 4 Freebsd, Linux, Microsoft and 1 more | 5 Freebsd, Linux Kernel, Windows 2000 and 2 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. | |||||
CVE-2002-0422 | 1 Microsoft | 1 Internet Information Services | 2024-02-28 | 2.6 LOW | N/A |
IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header. | |||||
CVE-2003-1486 | 1 Phorum | 1 Phorum | 2024-02-28 | 5.0 MEDIUM | N/A |
Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message. | |||||
CVE-2003-1540 | 1 Wfchat | 1 Wfchat | 2024-02-28 | 5.0 MEDIUM | N/A |
WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to (1) !pwds.txt and (2) !nicks.txt. | |||||
CVE-1999-0524 | 11 Apple, Cisco, Hp and 8 more | 14 Mac Os X, Macos, Ios and 11 more | 2024-02-28 | 2.1 LOW | N/A |
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | |||||
CVE-2003-1553 | 1 Sips | 1 Sips | 2024-02-28 | 4.3 MEDIUM | N/A |
Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory. |