Vulnerabilities (CVE)

Filtered by CWE-200
Total 8080 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-5028 1 Dibbler 1 Dibbler 2025-04-09 7.5 HIGH N/A
Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors.
CVE-2009-1341 1 Debian 1 Libdbd-pg-perl 2025-04-09 5.0 MEDIUM N/A
Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns.
CVE-2007-3385 1 Apache 1 Tomcat 2025-04-09 4.3 MEDIUM N/A
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
CVE-2007-5473 2 Microsoft, Mono 2 Windows, Mono 2025-04-09 5.0 MEDIUM N/A
StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.
CVE-2008-3651 1 Linux 1 Ipsec Tools Racoon Daemon 2025-04-09 4.0 MEDIUM N/A
Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals.
CVE-2008-2004 1 Qemu 1 Qemu 2025-04-09 4.9 MEDIUM N/A
The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted.
CVE-2008-3274 1 Redhat 2 Enterprise Ipa, Freeipa 2025-04-09 5.0 MEDIUM N/A
The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.
CVE-2008-6896 1 3cx 1 Phone System 2025-04-09 5.0 MEDIUM N/A
login.php in 3CX Phone System 6.0.806.0, when 100% disk capacity is reached, allows remote attackers to gain sensitive information via unspecified vectors that reveal the installation path.
CVE-2008-2159 1 Microsoft 1 Internet Explorer 2025-04-09 2.1 LOW N/A
Microsoft Internet Explorer 7 can save encrypted pages in the cache even when the DisableCachingOfSSLPages registry setting is enabled, which might allow local users to obtain sensitive information.
CVE-2008-5107 1 Citrix 2 Desktop Server, Presentation Server 2025-04-09 1.9 LOW N/A
The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files.
CVE-2008-5413 1 Ibm 1 Websphere Application Server 2025-04-09 5.0 MEDIUM N/A
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2009-0434.
CVE-2006-5858 2 Adobe, Microsoft 3 Coldfusion, Jrun, Internet Information Services 2025-04-09 5.0 MEDIUM N/A
Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file.
CVE-2009-0274 1 Novell 1 Groupwise 2025-04-09 5.0 MEDIUM N/A
Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests.
CVE-2008-0082 1 Microsoft 1 Windows Messenger 2025-04-09 10.0 HIGH N/A
An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors.
CVE-2008-1111 1 Lighttpd 1 Lighttpd 2025-04-09 5.0 MEDIUM N/A
mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information.
CVE-2008-4115 1 Talkback 1 Talkback 2025-04-09 5.0 MEDIUM N/A
TalkBack 2.3.6 allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function.
CVE-2008-5507 3 Canonical, Debian, Mozilla 5 Ubuntu Linux, Debian Linux, Firefox and 2 more 2025-04-09 6.0 MEDIUM N/A
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.
CVE-2008-6420 1 Socialsitegenerator 1 Social Site Generator 2025-04-09 5.0 MEDIUM N/A
Social Site Generator (SSG) 2.0 allows remote attackers to read arbitrary files via the file parameter to (1) filedload.php, (2) webadmin/download.php, and (3) webadmin/download_file.php.
CVE-2008-2864 1 Elinestudio 1 Site Composer 2025-04-09 5.0 MEDIUM N/A
eLineStudio Site Composer (ESC) 2.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) trigger.asp or (2) common2.asp in cms/include/, which reveals the database path.
CVE-2008-3049 1 Typo3 1 Pdf Generator 2 Extension 2025-04-09 5.0 MEDIUM N/A
The PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 allows attackers to obtain sensitive information via unspecified vectors.