Vulnerabilities (CVE)

Filtered by CWE-200
Total 7404 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-2369 1 Perception 1 Liteserve 2024-02-28 5.0 MEDIUM N/A
Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL.
CVE-2002-1718 1 Microsoft 1 Internet Information Services 2024-02-28 5.0 MEDIUM N/A
Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains .. (dot dot) sequences.
CVE-2002-2380 2 Arescom, Microsoft 2 Netdsl, Network Firmware 2024-02-28 6.4 MEDIUM N/A
NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic.
CVE-2003-1560 1 Netscape 1 Navigator 2024-02-28 5.0 MEDIUM N/A
Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
CVE-1999-0606 1 Seaside Enterprises 1 Ezmall 2024-02-28 5.0 MEDIUM N/A
An incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information.
CVE-1999-1136 1 Hp 2 Hp-ux, Mpe Ix 2024-02-28 4.6 MEDIUM N/A
Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems.
CVE-2003-1535 1 Justice Media 1 Guestbook 2024-02-28 5.0 MEDIUM N/A
Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message.
CVE-2002-2317 1 Symantec 1 Velociraptor 2024-02-28 7.8 HIGH N/A
Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method.
CVE-2003-1409 1 Ej3 1 Topo 2024-02-28 5.0 MEDIUM N/A
TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message.
CVE-2003-1366 1 Openbsd 1 Openbsd 2024-02-28 3.3 LOW N/A
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information.
CVE-2002-2410 1 Open Webmail 1 Open Webmail 2024-02-28 5.0 MEDIUM N/A
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information.
CVE-2003-0456 1 Deerfield 1 Visnetic Website 2024-02-28 5.0 MEDIUM N/A
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.
CVE-2003-1408 1 Lotus 1 Domino Server 2024-02-28 5.0 MEDIUM N/A
Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot.
CVE-2000-0649 1 Microsoft 2 Internet Information Server, Internet Information Services 2024-02-28 2.6 LOW N/A
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
CVE-2003-1548 1 Myabracadaweb 1 Myabracadaweb 2024-02-28 5.0 MEDIUM N/A
MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sensitive information via an invalid IDAdmin or other parameter, which reveals the installation path in an error message.
CVE-2003-1468 1 Francisco Burzi 1 Php-nuke 2024-02-28 4.3 MEDIUM N/A
The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message.
CVE-1999-0348 1 Microsoft 1 Internet Information Server 2024-02-28 5.0 MEDIUM N/A
IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory.
CVE-2003-1379 1 Point Clark Networks 1 Clarkconnect 2024-02-28 5.0 MEDIUM N/A
clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obtain sensitive information about the server via the characters (1) A, which reveals the date and time, (2) F, (3) M, which reveals 'ifconfig' information, (4) P, which lists the processes, (5) Y, which reveals the snort log files, or (6) b, which reveals /var/log/messages.
CVE-2004-1367 1 Oracle 9 Application Server, Collaboration Suite, E-business Suite and 6 more 2024-02-28 4.4 MEDIUM N/A
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.
CVE-2003-1555 1 Scoznet 1 Scozbook 2024-02-28 5.0 MEDIUM N/A
ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message.