Export limit exceeded: 363142 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10717 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10717 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-0605 | 1 Austin Contract Computing | 1 Merchant Order Form | 2026-04-16 | N/A |
| An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information. | ||||
| CVE-2002-0812 | 2 Hpe, Proxim | 6 Compaq Wl310, Compaq Wl310 Firmware, Orinoco Rg-1000 and 3 more | 2026-04-16 | N/A |
| Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string. | ||||
| CVE-2003-1559 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | N/A |
| Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | ||||
| CVE-2000-0649 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined. | ||||
| CVE-2003-1560 | 1 Netscape | 1 Navigator | 2026-04-16 | N/A |
| Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | ||||
| CVE-2002-2346 | 1 Phpbb | 1 Phpbb | 2026-04-16 | N/A |
| phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses. | ||||
| CVE-2003-1561 | 1 Opera | 1 Opera | 2026-04-16 | N/A |
| Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | ||||
| CVE-1999-0606 | 1 Seaside Enterprises | 1 Ezmall | 2026-04-16 | N/A |
| An incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information. | ||||
| CVE-2002-0596 | 1 Webtrends | 1 Reporting Center | 2026-04-16 | N/A |
| WebTrends Reporting Center 4.0d allows remote attackers to determine the real path of the web server via a GET request to get_od_toc.pl with an empty Profile parameter, which leaks the pathname in an error message. | ||||
| CVE-1999-0372 | 1 Microsoft | 3 Backoffice, Windows 2000, Windows Nt | 2026-04-16 | N/A |
| The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted. | ||||
| CVE-2002-2410 | 1 Open Webmail | 1 Open Webmail | 2026-04-16 | N/A |
| openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information. | ||||
| CVE-2002-2409 | 1 Qnx | 2 Neutrino Rtos, Photon Microgui | 2026-04-16 | N/A |
| Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID. | ||||
| CVE-2006-2613 | 2 Mozilla, Netscape | 3 Firefox, Mozilla Suite, Navigator | 2026-04-16 | N/A |
| Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents. | ||||
| CVE-2003-1548 | 1 Myabracadaweb | 1 Myabracadaweb | 2026-04-16 | N/A |
| MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sensitive information via an invalid IDAdmin or other parameter, which reveals the installation path in an error message. | ||||
| CVE-2006-1677 | 1 Maxdev | 1 Md-pro | 2026-04-16 | N/A |
| MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to obtain the full path of the server via a direct request to includes/legacy.php. | ||||
| CVE-2003-1481 | 1 Stalker | 1 Communigate Pro | 2026-04-16 | N/A |
| CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer. | ||||
| CVE-2003-1553 | 1 Sips | 1 Sips | 2026-04-16 | N/A |
| Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory. | ||||
| CVE-2005-0797 | 1 Novell | 1 Ichain | 2026-04-16 | N/A |
| Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks. | ||||
| CVE-2002-1432 | 1 Coxco Support | 7 A-cart, Metacart, Midicart Asp and 4 more | 2026-04-16 | N/A |
| MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database. | ||||
| CVE-2004-2748 | 1 Webtrends | 1 Reporting Center | 2026-04-16 | N/A |
| viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message. | ||||