Total
7404 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-2276 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2024-02-28 | 5.0 MEDIUM | N/A |
Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message. | |||||
CVE-1999-1462 | 1 Bb4 | 1 Big Brother | 2024-02-28 | 5.0 MEDIUM | N/A |
Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b and 1.09c allows remote attackers to read portions of arbitrary files. | |||||
CVE-2003-1561 | 1 Opera | 1 Opera | 2024-02-28 | 4.3 MEDIUM | N/A |
Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||||
CVE-2003-1517 | 1 Dansie | 1 Shopping Cart | 2024-02-28 | 5.0 MEDIUM | N/A |
cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message. | |||||
CVE-2002-2349 | 1 Phpbb | 1 Phpbbmod | 2024-02-28 | 5.0 MEDIUM | N/A |
phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information. | |||||
CVE-2003-1481 | 1 Stalker | 1 Communigate Pro | 2024-02-28 | 5.8 MEDIUM | N/A |
CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer. | |||||
CVE-2002-2346 | 1 Phpbb | 1 Phpbb | 2024-02-28 | 5.0 MEDIUM | N/A |
phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses. | |||||
CVE-1999-0453 | 1 Cisco | 1 Router | 2024-02-28 | 5.0 MEDIUM | N/A |
An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP). | |||||
CVE-2002-0812 | 2 Hpe, Proxim | 6 Compaq Wl310, Compaq Wl310 Firmware, Orinoco Rg-1000 and 3 more | 2024-02-28 | 6.4 MEDIUM | N/A |
Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string. | |||||
CVE-2000-0368 | 1 Cisco | 1 Ios | 2024-02-28 | 2.1 LOW | N/A |
Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data. | |||||
CVE-2002-2289 | 1 Working Resources Inc. | 1 Badblue | 2024-02-28 | 5.0 MEDIUM | N/A |
soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords. | |||||
CVE-2000-0132 | 1 Microsoft | 1 Virtual Machine | 2024-02-28 | 2.6 LOW | N/A |
Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function. | |||||
CVE-2003-1404 | 1 Dotbr | 1 Botbr | 2024-02-28 | 7.5 HIGH | N/A |
DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords. | |||||
CVE-1999-0236 | 2 Apache, Illinois | 2 Http Server, Ncsa Httpd | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. | |||||
CVE-1999-0372 | 1 Microsoft | 3 Backoffice, Windows 2000, Windows Nt | 2024-02-28 | 2.1 LOW | N/A |
The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted. | |||||
CVE-1999-0605 | 1 Austin Contract Computing | 1 Merchant Order Form | 2024-02-28 | 5.0 MEDIUM | N/A |
An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information. | |||||
CVE-2002-1432 | 1 Coxco Support | 7 A-cart, Metacart, Midicart Asp and 4 more | 2024-02-28 | 5.0 MEDIUM | N/A |
MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database. | |||||
CVE-2002-1717 | 1 Microsoft | 1 Internet Information Services | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf. | |||||
CVE-2003-0001 | 4 Freebsd, Linux, Microsoft and 1 more | 5 Freebsd, Linux Kernel, Windows 2000 and 2 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. | |||||
CVE-2002-0422 | 1 Microsoft | 1 Internet Information Services | 2024-02-28 | 2.6 LOW | N/A |
IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header. |