Total
7404 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-2369 | 1 Perception | 1 Liteserve | 2024-02-28 | 5.0 MEDIUM | N/A |
Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL. | |||||
CVE-2002-1718 | 1 Microsoft | 1 Internet Information Services | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains .. (dot dot) sequences. | |||||
CVE-2002-2380 | 2 Arescom, Microsoft | 2 Netdsl, Network Firmware | 2024-02-28 | 6.4 MEDIUM | N/A |
NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic. | |||||
CVE-2003-1560 | 1 Netscape | 1 Navigator | 2024-02-28 | 5.0 MEDIUM | N/A |
Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||||
CVE-1999-0606 | 1 Seaside Enterprises | 1 Ezmall | 2024-02-28 | 5.0 MEDIUM | N/A |
An incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information. | |||||
CVE-1999-1136 | 1 Hp | 2 Hp-ux, Mpe Ix | 2024-02-28 | 4.6 MEDIUM | N/A |
Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems. | |||||
CVE-2003-1535 | 1 Justice Media | 1 Guestbook | 2024-02-28 | 5.0 MEDIUM | N/A |
Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message. | |||||
CVE-2002-2317 | 1 Symantec | 1 Velociraptor | 2024-02-28 | 7.8 HIGH | N/A |
Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method. | |||||
CVE-2003-1409 | 1 Ej3 | 1 Topo | 2024-02-28 | 5.0 MEDIUM | N/A |
TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message. | |||||
CVE-2003-1366 | 1 Openbsd | 1 Openbsd | 2024-02-28 | 3.3 LOW | N/A |
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information. | |||||
CVE-2002-2410 | 1 Open Webmail | 1 Open Webmail | 2024-02-28 | 5.0 MEDIUM | N/A |
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information. | |||||
CVE-2003-0456 | 1 Deerfield | 1 Visnetic Website | 2024-02-28 | 5.0 MEDIUM | N/A |
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe. | |||||
CVE-2003-1408 | 1 Lotus | 1 Domino Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot. | |||||
CVE-2000-0649 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-28 | 2.6 LOW | N/A |
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined. | |||||
CVE-2003-1548 | 1 Myabracadaweb | 1 Myabracadaweb | 2024-02-28 | 5.0 MEDIUM | N/A |
MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sensitive information via an invalid IDAdmin or other parameter, which reveals the installation path in an error message. | |||||
CVE-2003-1468 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-28 | 4.3 MEDIUM | N/A |
The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. | |||||
CVE-1999-0348 | 1 Microsoft | 1 Internet Information Server | 2024-02-28 | 5.0 MEDIUM | N/A |
IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. | |||||
CVE-2003-1379 | 1 Point Clark Networks | 1 Clarkconnect | 2024-02-28 | 5.0 MEDIUM | N/A |
clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obtain sensitive information about the server via the characters (1) A, which reveals the date and time, (2) F, (3) M, which reveals 'ifconfig' information, (4) P, which lists the processes, (5) Y, which reveals the snort log files, or (6) b, which reveals /var/log/messages. | |||||
CVE-2004-1367 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2024-02-28 | 4.4 MEDIUM | N/A |
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password. | |||||
CVE-2003-1555 | 1 Scoznet | 1 Scozbook | 2024-02-28 | 5.0 MEDIUM | N/A |
ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message. |