Total
7419 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0797 | 1 Novell | 1 Ichain | 2024-11-20 | 5.0 MEDIUM | N/A |
| Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks. | |||||
| CVE-2004-2748 | 1 Webtrends | 1 Reporting Center | 2024-11-20 | 4.3 MEDIUM | N/A |
| viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message. | |||||
| CVE-2004-2320 | 1 Bea | 1 Weblogic Server | 2024-11-20 | 5.8 MEDIUM | N/A |
| The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. | |||||
| CVE-2004-1923 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-20 | 5.0 MEDIUM | N/A |
| Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, (4) tiki-directory_search.php, which reveal the web server path in an error message. | |||||
| CVE-2004-1367 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2024-11-20 | 4.4 MEDIUM | N/A |
| Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password. | |||||
| CVE-2003-1561 | 1 Opera | 1 Opera | 2024-11-20 | 4.3 MEDIUM | N/A |
| Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||||
| CVE-2003-1560 | 1 Netscape | 1 Navigator | 2024-11-20 | 5.0 MEDIUM | N/A |
| Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||||
| CVE-2003-1559 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-20 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||||
| CVE-2003-1555 | 1 Scoznet | 1 Scozbook | 2024-11-20 | 5.0 MEDIUM | N/A |
| ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message. | |||||
| CVE-2003-1553 | 1 Sips | 1 Sips | 2024-11-20 | 4.3 MEDIUM | N/A |
| Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory. | |||||
| CVE-2003-1550 | 1 Xoops | 1 Xoops | 2024-11-20 | 5.0 MEDIUM | N/A |
| XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message. | |||||
| CVE-2003-1548 | 1 Myabracadaweb | 1 Myabracadaweb | 2024-11-20 | 5.0 MEDIUM | N/A |
| MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sensitive information via an invalid IDAdmin or other parameter, which reveals the installation path in an error message. | |||||
| CVE-2003-1540 | 1 Wfchat | 1 Wfchat | 2024-11-20 | 5.0 MEDIUM | N/A |
| WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to (1) !pwds.txt and (2) !nicks.txt. | |||||
| CVE-2003-1535 | 1 Justice Media | 1 Guestbook | 2024-11-20 | 5.0 MEDIUM | N/A |
| Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message. | |||||
| CVE-2003-1526 | 1 Francisco Burzi | 1 Php-nuke | 2024-11-20 | 5.0 MEDIUM | N/A |
| PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message. | |||||
| CVE-2003-1517 | 1 Dansie | 1 Shopping Cart | 2024-11-20 | 5.0 MEDIUM | N/A |
| cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message. | |||||
| CVE-2003-1486 | 1 Phorum | 1 Phorum | 2024-11-20 | 5.0 MEDIUM | N/A |
| Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message. | |||||
| CVE-2003-1481 | 1 Stalker | 1 Communigate Pro | 2024-11-20 | 5.8 MEDIUM | N/A |
| CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer. | |||||
| CVE-2003-1469 | 2 Macromedia, Microsoft | 5 Coldfusion, Coldfusion Professional, Windows 2000 and 2 more | 2024-11-20 | 5.0 MEDIUM | N/A |
| The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message. | |||||
| CVE-2003-1468 | 1 Francisco Burzi | 1 Php-nuke | 2024-11-20 | 4.3 MEDIUM | N/A |
| The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. | |||||