Total: 7823 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2384 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability." | |||||
CVE-2006-2535 | 1 Greg Donald | 1 Destiney Links Script | 2023-12-10 | 5.0 MEDIUM | N/A |
index.php in Destiney Links Script 2.1.2 allows remote attackers to obtain the installation path via an invalid show parameter referencing a non-existent file, which reveals the path in the resulting error message. NOTE: this issue might be resultant from a more serious issue such as directory traversal. | |||||
CVE-2006-0103 | 1 Ralph Capper | 1 Tinyphpforum | 2023-12-10 | 5.0 MEDIUM | N/A |
TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information. | |||||
CVE-2006-2950 | 1 Npds | 1 Npds | 2023-12-10 | 5.0 MEDIUM | N/A |
Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) header.php, (2) contact.php, or (3) forum_extender.php, which reveals the path in an error message. | |||||
CVE-1999-1462 | 1 Bb4 | 1 Big Brother | 2023-12-10 | 5.0 MEDIUM | N/A |
Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b and 1.09c allows remote attackers to read portions of arbitrary files. | |||||
CVE-2003-1408 | 1 Lotus | 1 Domino Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot. | |||||
CVE-2004-1367 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2023-12-10 | 4.4 MEDIUM | N/A |
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password. | |||||
CVE-2003-1553 | 1 Sips | 1 Sips | 2023-12-10 | 4.3 MEDIUM | N/A |
Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory. | |||||
CVE-2002-2380 | 2 Arescom, Microsoft | 2 Netdsl, Network Firmware | 2023-12-10 | 6.4 MEDIUM | N/A |
NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic. | |||||
CVE-2002-2342 | 1 Joe Depasquale | 1 Bannermatic | 2023-12-10 | 5.0 MEDIUM | N/A |
Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.dat and (4) banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files. | |||||
CVE-2002-1717 | 1 Microsoft | 1 Internet Information Services | 2023-12-10 | 5.0 MEDIUM | N/A |
Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf. | |||||
CVE-1999-0348 | 1 Microsoft | 1 Internet Information Server | 2023-12-10 | 5.0 MEDIUM | N/A |
IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. | |||||
CVE-1999-0524 | 11 Apple, Cisco, Hp and 8 more | 14 Mac Os X, Macos, Ios and 11 more | 2023-12-10 | 2.1 LOW | N/A |
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | |||||
CVE-2003-1366 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 3.3 LOW | N/A |
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information. | |||||
CVE-2003-0904 | 1 Microsoft | 3 Exchange Server, Sharepoint Services, Windows Server 2003 | 2023-12-10 | 6.0 MEDIUM | N/A |
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed. | |||||
CVE-2000-0368 | 1 Cisco | 1 Ios | 2023-12-10 | 2.1 LOW | N/A |
Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data. | |||||
CVE-2003-1517 | 1 Dansie | 1 Shopping Cart | 2023-12-10 | 5.0 MEDIUM | N/A |
cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message. | |||||
CVE-2003-1404 | 1 Dotbr | 1 Botbr | 2023-12-10 | 7.5 HIGH | N/A |
DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords. | |||||
CVE-2002-2410 | 1 Open Webmail | 1 Open Webmail | 2023-12-10 | 5.0 MEDIUM | N/A |
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information. | |||||
CVE-2003-1526 | 1 Francisco Burzi | 1 Php-nuke | 2023-12-10 | 5.0 MEDIUM | N/A |
PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message. |