Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-200
Total 6955 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-4669 1 Firebirdsql 1 Firebird 2008-09-05 4.0 MEDIUM N/A
The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148.
CVE-2006-6999 1 Headstart Solutions 1 Deskpro 2008-09-05 4.3 MEDIUM N/A
attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter.
CVE-2003-1526 1 Francisco Burzi 1 Php-nuke 2008-09-05 5.0 MEDIUM N/A
PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message.
CVE-2002-2369 1 Perception 1 Liteserve 2008-09-05 5.0 MEDIUM N/A
Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL.
CVE-2002-2380 2 Arescom, Microsoft 2 Netdsl, Network Firmware 2008-09-05 6.4 MEDIUM N/A
NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic.
CVE-2002-2409 1 Qnx 2 Neutrino Rtos, Photon Microgui 2008-09-05 3.5 LOW N/A
Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID.
CVE-2002-2410 1 Open Webmail 1 Open Webmail 2008-09-05 5.0 MEDIUM N/A
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information.
CVE-2002-2317 1 Symantec 1 Velociraptor 2008-09-05 7.8 HIGH N/A
Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method.
CVE-2002-2349 1 Phpbb 1 Phpbbmod 2008-09-05 5.0 MEDIUM N/A
phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information.
CVE-2002-2346 1 Phpbb 1 Phpbb 2008-09-05 5.0 MEDIUM N/A
phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses.
CVE-2007-3650 1 Mywebland 1 Mybloggie 2008-09-04 5.0 MEDIUM N/A
myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages.
CVE-2007-3651 1 Fascript 1 Faname 2008-09-04 4.3 MEDIUM N/A
class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the id parameter, which reveals the installation path in an error message.
CVE-2002-1432 1 Coxco Support 7 A-cart, Metacart, Midicart Asp and 4 more 2008-09-04 5.0 MEDIUM N/A
MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database.
CVE-2005-4849 1 Apache 1 Derby 2008-09-04 5.0 MEDIUM N/A
Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
CVE-2008-3893 1 Microsoft 1 Windows Vista 2008-09-04 1.9 LOW N/A
Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.