Vulnerabilities (CVE)

Filtered by CWE-200
Total 8080 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-4514 1 Hp 1 Procurve Manager 2025-04-09 5.0 MEDIUM N/A
Unspecified vulnerability in HP ProCurve Manager and HP ProCurve Manager Plus 2.3 and earlier allows remote attackers to obtain sensitive information from the ProCurve Manager server via unknown attack vectors.
CVE-2007-6702 1 Goahead Software 2 Fs4104-aw Device, Goahead Webserver 2025-04-09 5.0 MEDIUM N/A
goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than CVE-2002-1603.
CVE-2008-4821 2 Adobe, Mozilla 4 Flash Player, Camino, Firefox and 1 more 2025-04-09 4.3 MEDIUM N/A
Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors.
CVE-2008-5683 1 Opera 1 Opera Browser 2025-04-09 7.8 HIGH N/A
Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors.
CVE-2009-0842 2 Osgeo, Umn 2 Mapserver, Mapserver 2025-04-09 4.3 MEDIUM N/A
mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink.
CVE-2008-3168 1 Empire Server 1 Empire Server 2025-04-09 5.0 MEDIUM N/A
The files utility in Empire Server before 4.3.15 discloses the world creation time, which makes it easier for attackers to determine the PRNG seed.
CVE-2009-0143 1 Apple 1 Itunes 2025-04-09 4.3 MEDIUM N/A
Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.
CVE-2007-5550 1 Cisco 1 Ios 2025-04-09 5.0 MEDIUM N/A
Unspecified vulnerability in Cisco IOS allows remote attackers to obtain the IOS version via unspecified vectors involving a "common network service", aka PSIRT-1255024833. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2008-1782 1 Advanced Software Engineering 1 Chartdirector 2025-04-09 5.0 MEDIUM N/A
phpdemo/viewsource.php in Advanced Software Engineering ChartDirector 4.1 allows remote attackers to read sensitive files via the file parameter.
CVE-2009-0229 1 Microsoft 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more 2025-04-09 4.9 MEDIUM N/A
The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
CVE-2008-4216 1 Apple 1 Safari 2025-04-09 4.3 MEDIUM N/A
The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files."
CVE-2009-0320 1 Microsoft 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more 2025-04-09 4.0 MEDIUM N/A
Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
CVE-2008-5346 1 Sun 3 Jdk, Jre, Sdk 2025-04-09 7.1 HIGH N/A
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file.
CVE-2008-5460 1 Oracle 1 Bea Product Suite 2025-04-09 2.6 LOW N/A
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote attackers to affect confidentiality via unknown vectors.
CVE-2008-3900 1 Intel 1 Bios 2025-04-09 2.1 LOW N/A
Intel firmware PE94510M.86A.0050.2007.0710.1559 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
CVE-2007-5934 1 Pear 1 Structures Datagrid Datasource Mdb2 2025-04-09 4.3 MEDIUM N/A
The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site.
CVE-2008-3138 2 Rpath, Wireshark 2 Rpath Linux, Wireshark 2025-04-09 5.0 MEDIUM N/A
The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.
CVE-2008-6722 1 Novell 1 Access Manager 2025-04-09 1.9 LOW N/A
Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
CVE-2007-1194 1 Norman 1 Norman Sandbox Analyzer 2025-04-09 2.1 LOW N/A
Norman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows attackers to produce malware that is more difficult to analyze.
CVE-2008-3474 1 Microsoft 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more 2025-04-09 4.3 MEDIUM 6.5 MEDIUM
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information Disclosure Vulnerability."