Total
7405 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2950 | 1 Npds | 1 Npds | 2024-02-28 | 5.0 MEDIUM | N/A |
Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) header.php, (2) contact.php, or (3) forum_extender.php, which reveals the path in an error message. | |||||
CVE-2006-2613 | 2 Mozilla, Netscape | 3 Firefox, Mozilla Suite, Navigator | 2024-02-28 | 4.3 MEDIUM | N/A |
Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents. | |||||
CVE-2006-2111 | 1 Microsoft | 1 Outlook Express | 2024-02-28 | 4.3 MEDIUM | N/A |
A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability." | |||||
CVE-2006-4136 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others. | |||||
CVE-2005-3164 | 2 Apache, Hitachi | 2 Tomcat, Cosminexus Application Server | 2024-02-28 | 2.6 LOW | N/A |
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages. | |||||
CVE-2005-3747 | 1 Mortbay | 1 Jetty | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash ("%5C") characters. NOTE: this might be the same issue as CVE-2006-2758. | |||||
CVE-2005-0797 | 1 Novell | 1 Ichain | 2024-02-28 | 5.0 MEDIUM | N/A |
Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks. | |||||
CVE-2004-2748 | 1 Webtrends | 1 Reporting Center | 2024-02-28 | 4.3 MEDIUM | N/A |
viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message. | |||||
CVE-2005-3088 | 1 Fetchmail | 1 Fetchmail | 2024-02-28 | 2.1 LOW | N/A |
fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords. | |||||
CVE-2005-4214 | 1 Coinsoft Technologies | 1 Phpcoin | 2024-02-28 | 5.0 MEDIUM | N/A |
phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined. | |||||
CVE-2005-3724 | 1 Zyxel | 2 P2000w Version 1 Voip Wifi Phone, Prestige 2000w V.1voip Wi-fi Phone | 2024-02-28 | 6.4 MEDIUM | N/A |
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication. | |||||
CVE-2005-3529 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-02-28 | 5.0 MEDIUM | N/A |
tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability. | |||||
CVE-2005-2036 | 1 Cool Cafe Chat | 1 Cool Cafe Chat | 2024-02-28 | 7.5 HIGH | N/A |
modifyUser.asp in Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to obtain the administrator password and email address via a modified nickname value. | |||||
CVE-2006-1677 | 1 Maxdev | 1 Md-pro | 2024-02-28 | 6.4 MEDIUM | N/A |
MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to obtain the full path of the server via a direct request to includes/legacy.php. | |||||
CVE-2005-4368 | 1 Roundcube | 1 Webmail | 2024-02-28 | 5.0 MEDIUM | N/A |
roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message. | |||||
CVE-2006-0103 | 1 Ralph Capper | 1 Tinyphpforum | 2024-02-28 | 5.0 MEDIUM | N/A |
TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information. | |||||
CVE-2006-0707 | 1 Pyblosxom | 1 Pyblosxom | 2024-02-28 | 5.0 MEDIUM | N/A |
PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable. | |||||
CVE-2006-3561 | 1 Bt | 1 Voyager 2091 Wireless Adsl Router | 2024-02-28 | 5.0 MEDIUM | N/A |
BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh, PPP credentials via (2) btvoyager_getpppcreds.sh, and decode configuration credentials via (3) btvoyager_decoder.c. | |||||
CVE-2006-4537 | 1 Dec | 1 Dec Openvms Alpha | 2024-02-28 | 2.1 LOW | N/A |
NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alpha 8.2 writes a password to an audit log file when there is a successful connection after a "network breakin" event, which allows local users to obtain passwords by reading the file. | |||||
CVE-2006-2356 | 1 Ipswitch | 1 Whatsup Professional | 2024-02-28 | 5.0 MEDIUM | N/A |
NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter. |