Vulnerabilities (CVE)

Filtered by CWE-200
Total 8080 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-6249 1 Gentoo 2 Linux, Portage 2025-04-09 2.1 LOW N/A
etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.
CVE-2008-1291 3 Gentoo, Redhat, Viewvc 3 Linux, Fedora, Viewvc 2025-04-09 4.3 MEDIUM N/A
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
CVE-2008-6961 1 Mozilla 2 Seamonkey, Thunderbird 2025-04-09 4.3 MEDIUM N/A
mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties.
CVE-2008-5828 1 Microsoft 1 Windows Live Messenger 2025-04-09 5.0 MEDIUM N/A
Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields.
CVE-2008-3010 1 Microsoft 5 Windows 2000, Windows 2003 Server, Windows Media Player and 2 more 2025-04-09 10.0 HIGH N/A
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability."
CVE-2008-6981 1 Phpadultsite 1 Phpadultsite Cms 2025-04-09 5.0 MEDIUM N/A
index.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to obtain the full installation path via an invalid results_per_page parameter, which leaks the path in an error message. NOTE: this issue might be resultant from a separate SQL injection vulnerability.
CVE-2009-4609 1 Mortbay 1 Jetty 2025-04-09 5.0 MEDIUM N/A
The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attackers to obtain sensitive information about internal variables and other data via a request to a URI ending in /dump/, as demonstrated by discovering the value of the getPathTranslated variable.
CVE-2008-2101 1 Vmware 1 Esx 2025-04-09 2.1 LOW N/A
The VMware Consolidated Backup (VCB) command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command line, which allows local users to obtain sensitive information by listing the process.
CVE-2008-2681 1 Realm Project 1 Realm Cms 2025-04-09 5.0 MEDIUM N/A
Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive information via a direct request to _db/compact.asp, which reveals the database path in an error message.
CVE-2007-5196 1 Suse 1 Suse Linux 2025-04-09 7.5 HIGH N/A
Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195.
CVE-2008-7069 1 Paul Arbogast 1 Accms 2025-04-09 7.5 HIGH N/A
All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat.
CVE-2008-1166 1 Flyspray 1 Flyspray 2025-04-09 5.0 MEDIUM N/A
Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.
CVE-2008-4029 1 Microsoft 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more 2025-04-09 4.3 MEDIUM N/A
Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs, aka "MSXML DTD Cross-Domain Scripting Vulnerability."
CVE-2008-3857 1 Ibm 1 Db2 Universal Database 2025-04-09 4.6 MEDIUM N/A
The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection that sent the password is fully established, which might allow local users to obtain sensitive information by reading a memory dump.
CVE-2007-0011 1 Citrix 1 Access Gateway 2025-04-09 5.0 MEDIUM N/A
The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including the a referer log, browser history, or browser cache.
CVE-2007-6536 1 Google 1 Toolbar 2025-04-09 6.8 MEDIUM N/A
The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com.
CVE-2007-3650 1 Mywebland 1 Mybloggie 2025-04-09 5.0 MEDIUM 5.3 MEDIUM
myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages.
CVE-2009-4535 1 Valenok 1 Mongoose 2025-04-09 5.0 MEDIUM N/A
Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending a / (slash) character to the URI.
CVE-2009-1700 1 Apple 3 Iphone Os, Ipod Touch, Safari 2025-04-09 4.3 MEDIUM N/A
The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.
CVE-2008-6342 2 Lobacher Patrick, Typo3 2 Simplefilebrowser, Typo3 2025-04-09 5.0 MEDIUM N/A
Unspecified vulnerability in the TYPO3 Simple File Browser (simplefilebrowser) extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors.