Search Results (10728 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3529 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-16 N/A
tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability.
CVE-2002-0812 2 Hpe, Proxim 6 Compaq Wl310, Compaq Wl310 Firmware, Orinoco Rg-1000 and 3 more 2026-04-16 N/A
Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string.
CVE-2003-1379 1 Point Clark Networks 1 Clarkconnect 2026-04-16 N/A
clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obtain sensitive information about the server via the characters (1) A, which reveals the date and time, (2) F, (3) M, which reveals 'ifconfig' information, (4) P, which lists the processes, (5) Y, which reveals the snort log files, or (6) b, which reveals /var/log/messages.
CVE-2006-4006 1 Bomberclone 1 Bomberclone 2026-04-16 N/A
The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory.
CVE-2006-4136 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others.
CVE-1999-0606 1 Seaside Enterprises 1 Ezmall 2026-04-16 N/A
An incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information.
CVE-2005-3164 2 Apache, Hitachi 2 Tomcat, Cosminexus Application Server 2026-04-16 N/A
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
CVE-1999-0372 1 Microsoft 3 Backoffice, Windows 2000, Windows Nt 2026-04-16 N/A
The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.
CVE-2003-1517 1 Dansie 1 Shopping Cart 2026-04-16 N/A
cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message.
CVE-2006-2384 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability."
CVE-2006-2341 1 Symantec 2 Enterprise Firewall, Gateway Security 2026-04-16 N/A
The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI.
CVE-2005-4875 1 Typo3 1 Typo3 2026-04-16 N/A
TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables.
CVE-2003-0456 1 Deerfield 1 Visnetic Website 2026-04-16 N/A
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.
CVE-2003-1555 1 Scoznet 1 Scozbook 2026-04-16 N/A
ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message.
CVE-2005-1028 1 Phpnuke 1 Php-nuke 2026-04-16 N/A
PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message.
CVE-2003-1550 1 Xoops 1 Xoops 2026-04-16 N/A
XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message.
CVE-2006-0707 1 Pyblosxom 1 Pyblosxom 2026-04-16 N/A
PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable.
CVE-2004-2748 1 Webtrends 1 Reporting Center 2026-04-16 N/A
viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message.
CVE-2003-1548 1 Myabracadaweb 1 Myabracadaweb 2026-04-16 N/A
MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sensitive information via an invalid IDAdmin or other parameter, which reveals the installation path in an error message.
CVE-2003-1540 1 Wfchat 1 Wfchat 2026-04-16 N/A
WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to (1) !pwds.txt and (2) !nicks.txt.