Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-200
Total 6955 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-1561 1 Opera 1 Opera 2009-01-28 4.3 MEDIUM N/A
Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
CVE-2003-1567 1 Microsoft 1 Internet Information Services 2009-01-15 5.8 MEDIUM N/A
The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE.
CVE-2008-2432 1 Novell 1 Iprint 2008-11-25 5.0 MEDIUM N/A
Insecure method vulnerability in the GetFileList method in an unspecified ActiveX control in Novell iPrint Client before 5.06 allows remote attackers to list the image files in an arbitrary directory via a directory name in the argument.
CVE-2007-6418 1 Debian 1 Debian Linux 2008-11-14 2.1 LOW N/A
The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.
CVE-2007-6095 1 Ingate 2 Ingate Firewall, Ingate Siparator 2008-11-14 4.0 MEDIUM N/A
The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might allow remote authenticated users to receive messages intended for other users.
CVE-2007-5816 1 Contentcustomizer 1 Contentcustomizer 2008-11-14 5.0 MEDIUM N/A
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to obtain sensitive author credentials by making a request with an editauthor action, then reading the value of the newlocalpassword password input field in the HTML source of the resulting page.
CVE-2007-5470 1 Microsoft 1 Expression Media 2008-11-14 2.1 LOW N/A
Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file.
CVE-2007-5549 1 Cisco 1 Ios 2008-11-14 2.1 LOW N/A
Unspecified vulnerability in Command EXEC in Cisco IOS allows local users to bypass command restrictions and obtain sensitive information via an unspecified "variation of an IOS command" involving "two different methods", aka CSCsk16129. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2007-5195 1 Suse 1 Suse Linux 2008-11-14 6.8 MEDIUM N/A
Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5196.
CVE-2007-5196 1 Suse 1 Suse Linux 2008-11-14 7.5 HIGH N/A
Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195.
CVE-2007-5011 1 Wilson Windowware 1 Webbatch 2008-11-14 5.0 MEDIUM N/A
webbatch.exe in WebBatch allows remote attackers to obtain sensitive information via the dumpinputdata parameter.
CVE-2008-3634 1 Apple 3 Itunes, Mac Os X, Mac Os X Server 2008-09-10 2.6 LOW N/A
Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information.
CVE-2000-0132 1 Microsoft 1 Virtual Machine 2008-09-10 2.6 LOW N/A
Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function.
CVE-2008-3901 2 Linux, Suspend2 2 Linux Kernel, Software Suspend 2 2008-09-05 2.1 LOW N/A
Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
CVE-2008-1113 2 Cisco, Vocera Communications 2 7921 Wireless Ip Phone, Vocera Communications Badge 2008-09-05 7.8 HIGH N/A
Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.
CVE-2007-6043 1 Microsoft 1 Windows 2000 2008-09-05 7.1 HIGH N/A
The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
CVE-2007-5550 1 Cisco 1 Ios 2008-09-05 5.0 MEDIUM N/A
Unspecified vulnerability in Cisco IOS allows remote attackers to obtain the IOS version via unspecified vectors involving a "common network service", aka PSIRT-1255024833. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2007-5554 1 Oracle 1 Database Server 2008-09-05 7.1 HIGH N/A
Oracle allows remote attackers to obtain server memory contents via crafted packets, aka Oracle reference number 7892711. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2007-5555 1 Symantec 1 Altiris Deployment Solution 2008-09-05 6.9 MEDIUM N/A
Unspecified vulnerability in Symantec Altiris Deployment Solution allows attackers to obtain authentication credentials via unknown vectors, aka "Authentication Credentials Information Leakage in Altiris Deployment Solution." NOTE: this description is based on a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2007-5028 1 Dibbler 1 Dibbler 2008-09-05 7.5 HIGH N/A
Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors.