Total: 7102 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-2780 | 1 Psychostats | 1 Psychostats | 2017-07-29 | 5.0 MEDIUM | N/A |
PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensitive information via a request for server.php with a missing or invalid newtheme parameter, which reveals a path in an error message. | |||||
CVE-2007-2253 | 1 Exponent | 1 Exponent Cms | 2017-07-29 | 5.0 MEDIUM | N/A |
Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php. | |||||
CVE-2007-2353 | 1 Apache | 1 Axis | 2017-07-29 | 5.0 MEDIUM | N/A |
Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message. | |||||
CVE-2002-2276 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2017-07-29 | 5.0 MEDIUM | N/A |
Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message. | |||||
CVE-2003-1398 | 1 Cisco | 1 Ios | 2017-07-29 | 9.3 HIGH | N/A |
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification). | |||||
CVE-2003-1409 | 1 Ej3 | 1 Topo | 2017-07-29 | 5.0 MEDIUM | N/A |
TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message. | |||||
CVE-2003-1486 | 1 Phorum | 1 Phorum | 2017-07-29 | 5.0 MEDIUM | N/A |
Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message. | |||||
CVE-2003-1469 | 2 Macromedia, Microsoft | 5 Coldfusion, Coldfusion Professional, Windows 2000 and 2 more | 2017-07-29 | 5.0 MEDIUM | N/A |
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message. | |||||
CVE-2006-6886 | 1 Phpwcms | 1 Phpwcms | 2017-07-29 | 5.0 MEDIUM | N/A |
phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages. | |||||
CVE-2003-1408 | 1 Lotus | 1 Domino Server | 2017-07-29 | 5.0 MEDIUM | N/A |
Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot. | |||||
CVE-2003-1366 | 1 Openbsd | 1 Openbsd | 2017-07-29 | 3.3 LOW | N/A |
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information. | |||||
CVE-2002-2288 | 1 Mambo | 1 Site Server | 2017-07-29 | 5.0 MEDIUM | N/A |
Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message. | |||||
CVE-2003-1481 | 1 Stalker | 1 Communigate Pro | 2017-07-29 | 5.8 MEDIUM | N/A |
CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer. | |||||
CVE-2002-2289 | 1 Working Resources Inc. | 1 Badblue | 2017-07-29 | 5.0 MEDIUM | N/A |
soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords. | |||||
CVE-2003-1379 | 1 Point Clark Networks | 1 Clarkconnect | 2017-07-29 | 5.0 MEDIUM | N/A |
clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obtain sensitive information about the server via the characters (1) A, which reveals the date and time, (2) F, (3) M, which reveals 'ifconfig' information, (4) P, which lists the processes, (5) Y, which reveals the snort log files, or (6) b, which reveals /var/log/messages. | |||||
CVE-2003-1517 | 1 Dansie | 1 Shopping Cart | 2017-07-29 | 5.0 MEDIUM | N/A |
cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message. | |||||
CVE-2003-1404 | 1 Dotbr | 1 Botbr | 2017-07-29 | 7.5 HIGH | N/A |
DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords. | |||||
CVE-2003-1468 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-29 | 4.3 MEDIUM | N/A |
The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. | |||||
CVE-2017-11327 | 1 Tilde Cms Project | 1 Tilde Cms | 2017-07-28 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftp_upload. | |||||
CVE-2016-9384 | 1 Xen | 1 Xen | 2017-07-28 | 2.1 LOW | 6.5 MEDIUM |
Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table. | |||||