Total
9641 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3164 | 2 Apache, Hitachi | 2 Tomcat, Cosminexus Application Server | 2025-04-03 | N/A |
| The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages. | ||||
| CVE-2003-1550 | 1 Xoops | 1 Xoops | 2025-04-03 | N/A |
| XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message. | ||||
| CVE-2006-1439 | 1 Apple | 1 Mac Os X | 2025-04-03 | N/A |
| NSSecureTextField in AppKit in Apple Mac OS X 10.4.6 does not re-enable secure event input under certain circumstances, which could allow other applications in the window session to monitor input characters and keyboard events. | ||||
| CVE-2006-0369 | 1 Oracle | 1 Mysql | 2025-04-03 | N/A |
| MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views;" query, which returns the query that created the VIEW. NOTE: this issue has been disputed by third parties, saying that the availability of the schema is a normal and sometimes desired aspect of database access | ||||
| CVE-2003-1408 | 1 Lotus | 1 Domino Server | 2025-04-03 | N/A |
| Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot. | ||||
| CVE-2004-1923 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-03 | N/A |
| Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, (4) tiki-directory_search.php, which reveal the web server path in an error message. | ||||
| CVE-2003-1548 | 1 Myabracadaweb | 1 Myabracadaweb | 2025-04-03 | N/A |
| MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sensitive information via an invalid IDAdmin or other parameter, which reveals the installation path in an error message. | ||||
| CVE-2006-0353 | 1 Gnu | 1 Lsh | 2025-04-03 | N/A |
| unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys. | ||||
| CVE-2006-0103 | 1 Ralph Capper | 1 Tinyphpforum | 2025-04-03 | N/A |
| TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information. | ||||
| CVE-2005-3724 | 1 Zyxel | 2 P2000w Version 1 Voip Wifi Phone, Prestige 2000w V.1voip Wi-fi Phone | 2025-04-03 | N/A |
| Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication. | ||||
| CVE-1999-0605 | 1 Austin Contract Computing | 1 Merchant Order Form | 2025-04-03 | N/A |
| An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information. | ||||
| CVE-2005-3529 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-03 | N/A |
| tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability. | ||||
| CVE-2003-1409 | 1 Ej3 | 1 Topo | 2025-04-03 | N/A |
| TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message. | ||||
| CVE-2003-1555 | 1 Scoznet | 1 Scozbook | 2025-04-03 | N/A |
| ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message. | ||||
| CVE-2002-1718 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | N/A |
| Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains .. (dot dot) sequences. | ||||
| CVE-2003-1366 | 1 Openbsd | 1 Openbsd | 2025-04-03 | N/A |
| chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information. | ||||
| CVE-2005-1028 | 1 Phpnuke | 1 Php-nuke | 2025-04-03 | N/A |
| PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message. | ||||
| CVE-2006-0861 | 1 Michael Salzer | 1 Guestbox | 2025-04-03 | N/A |
| Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to obtain the source IP addresses of guestbook entries via a direct request to /gb/gblog. | ||||
| CVE-2002-0422 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | N/A |
| IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header. | ||||
| CVE-2002-2409 | 1 Qnx | 2 Neutrino Rtos, Photon Microgui | 2025-04-03 | N/A |
| Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID. | ||||