Total
9649 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-1486 | 1 Phorum | 1 Phorum | 2025-04-03 | N/A |
| Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message. | ||||
| CVE-2006-0707 | 1 Pyblosxom | 1 Pyblosxom | 2025-04-03 | N/A |
| PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable. | ||||
| CVE-2006-4223 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | N/A |
| IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137. | ||||
| CVE-2003-1481 | 1 Stalker | 1 Communigate Pro | 2025-04-03 | N/A |
| CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer. | ||||
| CVE-2000-0876 | 1 Texas Imperial Software | 2 Wftpd, Wftpd Pro | 2025-04-03 | N/A |
| WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname. | ||||
| CVE-2005-2036 | 1 Cool Cafe Chat | 1 Cool Cafe Chat | 2025-04-03 | N/A |
| modifyUser.asp in Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to obtain the administrator password and email address via a modified nickname value. | ||||
| CVE-2003-1379 | 1 Point Clark Networks | 1 Clarkconnect | 2025-04-03 | N/A |
| clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obtain sensitive information about the server via the characters (1) A, which reveals the date and time, (2) F, (3) M, which reveals 'ifconfig' information, (4) P, which lists the processes, (5) Y, which reveals the snort log files, or (6) b, which reveals /var/log/messages. | ||||
| CVE-2005-3645 | 2 Phpadsnew, Phppgads | 2 Phpadsnew, Phppgads | 2025-04-03 | N/A |
| phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php. | ||||
| CVE-1999-0605 | 1 Austin Contract Computing | 1 Merchant Order Form | 2025-04-03 | N/A |
| An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information. | ||||
| CVE-2002-2380 | 2 Arescom, Microsoft | 2 Netdsl, Network Firmware | 2025-04-03 | N/A |
| NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic. | ||||
| CVE-2003-1555 | 1 Scoznet | 1 Scozbook | 2025-04-03 | N/A |
| ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message. | ||||
| CVE-2005-1754 | 2 Apache Tomcat, Sun | 2 Apache Tomcat, Javamail | 2025-04-03 | N/A |
| JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products. | ||||
| CVE-2006-1677 | 1 Maxdev | 1 Md-pro | 2025-04-03 | N/A |
| MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to obtain the full path of the server via a direct request to includes/legacy.php. | ||||
| CVE-2002-2346 | 1 Phpbb | 1 Phpbb | 2025-04-03 | N/A |
| phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses. | ||||
| CVE-2005-4849 | 1 Apache | 1 Derby | 2025-04-03 | N/A |
| Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information. | ||||
| CVE-2003-1535 | 1 Justice Media | 1 Guestbook | 2025-04-03 | N/A |
| Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message. | ||||
| CVE-2000-0368 | 1 Cisco | 1 Ios | 2025-04-03 | N/A |
| Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data. | ||||
| CVE-2005-0797 | 1 Novell | 1 Ichain | 2025-04-03 | N/A |
| Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks. | ||||
| CVE-2003-1469 | 2 Macromedia, Microsoft | 5 Coldfusion, Coldfusion Professional, Windows 2000 and 2 more | 2025-04-03 | N/A |
| The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message. | ||||
| CVE-2003-1553 | 1 Sips | 1 Sips | 2025-04-03 | N/A |
| Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory. | ||||