Vulnerabilities (CVE)

Filtered by CWE-200
Total 7404 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-2276 1 Ultimate Php Board 1 Ultimate Php Board 2024-02-28 5.0 MEDIUM N/A
Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message.
CVE-1999-1462 1 Bb4 1 Big Brother 2024-02-28 5.0 MEDIUM N/A
Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b and 1.09c allows remote attackers to read portions of arbitrary files.
CVE-2003-1561 1 Opera 1 Opera 2024-02-28 4.3 MEDIUM N/A
Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
CVE-2003-1517 1 Dansie 1 Shopping Cart 2024-02-28 5.0 MEDIUM N/A
cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message.
CVE-2002-2349 1 Phpbb 1 Phpbbmod 2024-02-28 5.0 MEDIUM N/A
phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information.
CVE-2003-1481 1 Stalker 1 Communigate Pro 2024-02-28 5.8 MEDIUM N/A
CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer.
CVE-2002-2346 1 Phpbb 1 Phpbb 2024-02-28 5.0 MEDIUM N/A
phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses.
CVE-1999-0453 1 Cisco 1 Router 2024-02-28 5.0 MEDIUM N/A
An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP).
CVE-2002-0812 2 Hpe, Proxim 6 Compaq Wl310, Compaq Wl310 Firmware, Orinoco Rg-1000 and 3 more 2024-02-28 6.4 MEDIUM N/A
Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string.
CVE-2000-0368 1 Cisco 1 Ios 2024-02-28 2.1 LOW N/A
Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.
CVE-2002-2289 1 Working Resources Inc. 1 Badblue 2024-02-28 5.0 MEDIUM N/A
soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords.
CVE-2000-0132 1 Microsoft 1 Virtual Machine 2024-02-28 2.6 LOW N/A
Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function.
CVE-2003-1404 1 Dotbr 1 Botbr 2024-02-28 7.5 HIGH N/A
DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords.
CVE-1999-0236 2 Apache, Illinois 2 Http Server, Ncsa Httpd 2024-02-28 5.0 MEDIUM 7.5 HIGH
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
CVE-1999-0372 1 Microsoft 3 Backoffice, Windows 2000, Windows Nt 2024-02-28 2.1 LOW N/A
The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.
CVE-1999-0605 1 Austin Contract Computing 1 Merchant Order Form 2024-02-28 5.0 MEDIUM N/A
An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information.
CVE-2002-1432 1 Coxco Support 7 A-cart, Metacart, Midicart Asp and 4 more 2024-02-28 5.0 MEDIUM N/A
MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database.
CVE-2002-1717 1 Microsoft 1 Internet Information Services 2024-02-28 5.0 MEDIUM N/A
Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf.
CVE-2003-0001 4 Freebsd, Linux, Microsoft and 1 more 5 Freebsd, Linux Kernel, Windows 2000 and 2 more 2024-02-28 5.0 MEDIUM N/A
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
CVE-2002-0422 1 Microsoft 1 Internet Information Services 2024-02-28 2.6 LOW N/A
IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.