Total
8242 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1432 | 1 Coxco Support | 7 A-cart, Metacart, Midicart Asp and 4 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database. | |||||
| CVE-1999-0453 | 1 Cisco | 1 Router | 2024-02-04 | 5.0 MEDIUM | N/A |
| An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP). | |||||
| CVE-2003-0456 | 1 Deerfield | 1 Visnetic Website | 2024-02-04 | 5.0 MEDIUM | N/A |
| VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe. | |||||
| CVE-2003-1486 | 1 Phorum | 1 Phorum | 2024-02-04 | 5.0 MEDIUM | N/A |
| Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message. | |||||
| CVE-2003-1408 | 1 Lotus | 1 Domino Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot. | |||||
| CVE-2002-2288 | 1 Mambo | 1 Site Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message. | |||||
| CVE-1999-0524 | 9 Apple, Cisco, Hp and 6 more | 12 Mac Os X, Macos, Ios and 9 more | 2024-02-04 | 2.1 LOW | N/A |
| ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | |||||
| CVE-2003-1481 | 1 Stalker | 1 Communigate Pro | 2024-02-04 | 5.8 MEDIUM | N/A |
| CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer. | |||||
| CVE-2003-1418 | 1 Apache | 1 Http Server | 2024-02-04 | 4.3 MEDIUM | N/A |
| Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID). | |||||
| CVE-2003-1535 | 1 Justice Media | 1 Guestbook | 2024-02-04 | 5.0 MEDIUM | N/A |
| Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message. | |||||
| CVE-2002-2369 | 1 Perception | 1 Liteserve | 2024-02-04 | 5.0 MEDIUM | N/A |
| Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL. | |||||
| CVE-2000-0649 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-04 | 2.6 LOW | N/A |
| IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined. | |||||
| CVE-1999-0606 | 1 Seaside Enterprises | 1 Ezmall | 2024-02-04 | 5.0 MEDIUM | N/A |
| An incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information. | |||||
| CVE-1999-0877 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 4.3 MEDIUM | N/A |
| Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME. | |||||
| CVE-2003-1559 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||||
| CVE-2003-1550 | 1 Xoops | 1 Xoops | 2024-02-04 | 5.0 MEDIUM | N/A |
| XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message. | |||||
| CVE-2003-1555 | 1 Scoznet | 1 Scozbook | 2024-02-04 | 5.0 MEDIUM | N/A |
| ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message. | |||||
| CVE-2003-1517 | 1 Dansie | 1 Shopping Cart | 2024-02-04 | 5.0 MEDIUM | N/A |
| cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message. | |||||
| CVE-2003-0904 | 1 Microsoft | 3 Exchange Server, Sharepoint Services, Windows Server 2003 | 2024-02-04 | 6.0 MEDIUM | N/A |
| Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed. | |||||
| CVE-2003-1561 | 1 Opera | 1 Opera | 2024-02-04 | 4.3 MEDIUM | N/A |
| Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||||