Total
7790 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-1469 | 2 Macromedia, Microsoft | 5 Coldfusion, Coldfusion Professional, Windows 2000 and 2 more | 2024-02-04 | 5.0 MEDIUM | N/A |
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message. | |||||
CVE-2002-2276 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2024-02-04 | 5.0 MEDIUM | N/A |
Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message. | |||||
CVE-2003-1366 | 1 Openbsd | 1 Openbsd | 2024-02-04 | 3.3 LOW | N/A |
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information. | |||||
CVE-2003-0001 | 4 Freebsd, Linux, Microsoft and 1 more | 5 Freebsd, Linux Kernel, Windows 2000 and 2 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. | |||||
CVE-1999-0348 | 1 Microsoft | 1 Internet Information Server | 2024-02-04 | 5.0 MEDIUM | N/A |
IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. | |||||
CVE-2000-0132 | 1 Microsoft | 1 Virtual Machine | 2024-02-04 | 2.6 LOW | N/A |
Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function. | |||||
CVE-2004-1923 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-02-04 | 5.0 MEDIUM | N/A |
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, (4) tiki-directory_search.php, which reveal the web server path in an error message. | |||||
CVE-2003-1404 | 1 Dotbr | 1 Botbr | 2024-02-04 | 7.5 HIGH | N/A |
DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords. | |||||
CVE-2002-1432 | 1 Coxco Support | 7 A-cart, Metacart, Midicart Asp and 4 more | 2024-02-04 | 5.0 MEDIUM | N/A |
MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database. | |||||
CVE-1999-0453 | 1 Cisco | 1 Router | 2024-02-04 | 5.0 MEDIUM | N/A |
An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP). | |||||
CVE-2003-0456 | 1 Deerfield | 1 Visnetic Website | 2024-02-04 | 5.0 MEDIUM | N/A |
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe. | |||||
CVE-2003-1486 | 1 Phorum | 1 Phorum | 2024-02-04 | 5.0 MEDIUM | N/A |
Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message. | |||||
CVE-2003-1408 | 1 Lotus | 1 Domino Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot. | |||||
CVE-2002-2288 | 1 Mambo | 1 Site Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message. | |||||
CVE-1999-0524 | 9 Apple, Cisco, Hp and 6 more | 12 Mac Os X, Macos, Ios and 9 more | 2024-02-04 | 2.1 LOW | N/A |
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | |||||
CVE-2003-1481 | 1 Stalker | 1 Communigate Pro | 2024-02-04 | 5.8 MEDIUM | N/A |
CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer. | |||||
CVE-2003-1418 | 1 Apache | 1 Http Server | 2024-02-04 | 4.3 MEDIUM | N/A |
Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID). | |||||
CVE-2003-1535 | 1 Justice Media | 1 Guestbook | 2024-02-04 | 5.0 MEDIUM | N/A |
Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message. | |||||
CVE-2002-2369 | 1 Perception | 1 Liteserve | 2024-02-04 | 5.0 MEDIUM | N/A |
Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL. | |||||
CVE-2000-0649 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-04 | 2.6 LOW | N/A |
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined. |