Export limit exceeded: 10717 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10717 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4368 1 Roundcube 1 Webmail 2026-04-16 N/A
roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message.
CVE-2002-2317 1 Symantec 1 Velociraptor 2026-04-16 N/A
Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method.
CVE-2002-1718 1 Microsoft 1 Internet Information Services 2026-04-16 N/A
Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains .. (dot dot) sequences.
CVE-2002-2289 1 Working Resources Inc. 1 Badblue 2026-04-16 N/A
soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords.
CVE-2002-2288 1 Mambo 1 Site Server 2026-04-16 N/A
Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message.
CVE-2005-4836 1 Apache 1 Tomcat 2026-04-16 N/A
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
CVE-2002-2276 1 Ultimate Php Board 1 Ultimate Php Board 2026-04-16 N/A
Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message.
CVE-2000-0876 1 Texas Imperial Software 2 Wftpd, Wftpd Pro 2026-04-16 N/A
WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname.
CVE-2003-1398 1 Cisco 1 Ios 2026-04-16 N/A
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).
CVE-1999-1462 1 Bb4 1 Big Brother 2026-04-16 N/A
Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b and 1.09c allows remote attackers to read portions of arbitrary files.
CVE-1999-0059 1 Sgi 1 Irix 2026-04-16 7.3 High
IRIX fam service allows an attacker to obtain a list of all files on the server.
CVE-2002-2410 1 Open Webmail 1 Open Webmail 2026-04-16 N/A
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information.
CVE-2002-2409 1 Qnx 2 Neutrino Rtos, Photon Microgui 2026-04-16 N/A
Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID.
CVE-2006-2535 1 Greg Donald 1 Destiney Links Script 2026-04-16 N/A
index.php in Destiney Links Script 2.1.2 allows remote attackers to obtain the installation path via an invalid show parameter referencing a non-existent file, which reveals the path in the resulting error message. NOTE: this issue might be resultant from a more serious issue such as directory traversal.
CVE-2005-3747 1 Mortbay 1 Jetty 2026-04-16 N/A
Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash ("%5C") characters. NOTE: this might be the same issue as CVE-2006-2758.
CVE-2005-3724 1 Zyxel 2 P2000w Version 1 Voip Wifi Phone, Prestige 2000w V.1voip Wi-fi Phone 2026-04-16 N/A
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication.
CVE-2003-0456 1 Deerfield 1 Visnetic Website 2026-04-16 N/A
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.
CVE-2006-0353 1 Gnu 1 Lsh 2026-04-16 N/A
unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys.
CVE-2006-2900 2 Canon, Microsoft 2 Network Camera Server Vb101, Ie 2026-04-16 N/A
Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
CVE-2006-2356 1 Ipswitch 1 Whatsup Professional 2026-04-16 N/A
NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter.