Export limit exceeded: 10717 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10717 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-0877 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME.
CVE-2002-0422 1 Microsoft 1 Internet Information Services 2026-04-16 N/A
IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.
CVE-2002-0419 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages. CVE has REJECTED this vector; it is not a vulnerability because the information is already available through legitimate use, since authentication cannot proceed without specifying a scheme that is supported by both the client and the server.
CVE-2002-2342 1 Joe Depasquale 1 Bannermatic 2026-04-16 N/A
Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.dat and (4) banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files.
CVE-2002-2289 1 Working Resources Inc. 1 Badblue 2026-04-16 N/A
soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords.
CVE-2002-2349 1 Phpbb 1 Phpbbmod 2026-04-16 N/A
phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information.
CVE-2004-1367 1 Oracle 9 Application Server, Collaboration Suite, E-business Suite and 6 more 2026-04-16 N/A
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.
CVE-2002-2380 2 Arescom, Microsoft 2 Netdsl, Network Firmware 2026-04-16 N/A
NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic.
CVE-2000-0368 1 Cisco 1 Ios 2026-04-16 N/A
Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.
CVE-2006-4595 1 Muforum 1 Muforum 2026-04-16 N/A
muforum (µforum) 0.4c stores membres/members.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes.
CVE-2006-0353 1 Gnu 1 Lsh 2026-04-16 N/A
unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys.
CVE-2006-1677 1 Maxdev 1 Md-pro 2026-04-16 N/A
MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to obtain the full path of the server via a direct request to includes/legacy.php.
CVE-2003-1408 1 Lotus 1 Domino Server 2026-04-16 N/A
Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot.
CVE-2006-2356 1 Ipswitch 1 Whatsup Professional 2026-04-16 N/A
NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter.
CVE-2002-2410 1 Open Webmail 1 Open Webmail 2026-04-16 N/A
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information.
CVE-1999-0468 1 Microsoft 1 Internet Explorer 2026-04-16 8.2 High
Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.
CVE-2003-1526 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message.
CVE-2006-4136 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others.
CVE-2006-2950 1 Npds 1 Npds 2026-04-16 N/A
Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) header.php, (2) contact.php, or (3) forum_extender.php, which reveals the path in an error message.
CVE-2006-2900 2 Canon, Microsoft 2 Network Camera Server Vb101, Ie 2026-04-16 N/A
Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.