Vulnerabilities (CVE)

Filtered by CWE-200
Total 8242 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-4006 1 Bomberclone 1 Bomberclone 2024-02-04 5.0 MEDIUM N/A
The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory.
CVE-2002-1717 1 Microsoft 1 Internet Information Services 2024-02-04 5.0 MEDIUM N/A
Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf.
CVE-2003-1398 1 Cisco 1 Ios 2024-02-04 9.3 HIGH N/A
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).
CVE-1999-0236 2 Apache, Illinois 2 Http Server, Ncsa Httpd 2024-02-04 5.0 MEDIUM 7.5 HIGH
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
CVE-1999-0605 1 Austin Contract Computing 1 Merchant Order Form 2024-02-04 5.0 MEDIUM N/A
An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information.
CVE-2002-2289 1 Working Resources Inc. 1 Badblue 2024-02-04 5.0 MEDIUM N/A
soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords.
CVE-2002-0596 1 Webtrends 1 Reporting Center 2024-02-04 5.0 MEDIUM N/A
WebTrends Reporting Center 4.0d allows remote attackers to determine the real path of the web server via a GET request to get_od_toc.pl with an empty Profile parameter, which leaks the pathname in an error message.
CVE-2002-2317 1 Symantec 1 Velociraptor 2024-02-04 7.8 HIGH N/A
Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method.
CVE-1999-0372 1 Microsoft 3 Backoffice, Windows 2000, Windows Nt 2024-02-04 2.1 LOW N/A
The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.
CVE-2002-2349 1 Phpbb 1 Phpbbmod 2024-02-04 5.0 MEDIUM N/A
phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information.
CVE-2003-1540 1 Wfchat 1 Wfchat 2024-02-04 5.0 MEDIUM N/A
WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to (1) !pwds.txt and (2) !nicks.txt.
CVE-2002-2342 1 Joe Depasquale 1 Bannermatic 2024-02-04 5.0 MEDIUM N/A
Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.dat and (4) banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files.
CVE-2003-1469 2 Macromedia, Microsoft 5 Coldfusion, Coldfusion Professional, Windows 2000 and 2 more 2024-02-04 5.0 MEDIUM N/A
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.
CVE-2002-2276 1 Ultimate Php Board 1 Ultimate Php Board 2024-02-04 5.0 MEDIUM N/A
Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message.
CVE-2003-1366 1 Openbsd 1 Openbsd 2024-02-04 3.3 LOW N/A
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information.
CVE-2003-0001 4 Freebsd, Linux, Microsoft and 1 more 5 Freebsd, Linux Kernel, Windows 2000 and 2 more 2024-02-04 5.0 MEDIUM N/A
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
CVE-1999-0348 1 Microsoft 1 Internet Information Server 2024-02-04 5.0 MEDIUM N/A
IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory.
CVE-2000-0132 1 Microsoft 1 Virtual Machine 2024-02-04 2.6 LOW N/A
Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function.
CVE-2004-1923 1 Tiki 1 Tikiwiki Cms\/groupware 2024-02-04 5.0 MEDIUM N/A
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, (4) tiki-directory_search.php, which reveal the web server path in an error message.
CVE-2003-1404 1 Dotbr 1 Botbr 2024-02-04 7.5 HIGH N/A
DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords.