Total
8383 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0353 | 1 Gnu | 1 Lsh | 2025-04-03 | 3.6 LOW | N/A |
| unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys. | |||||
| CVE-2000-0588 | 1 Sawmill | 1 Sawmill | 2025-04-03 | 5.0 MEDIUM | N/A |
| SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration commands. | |||||
| CVE-2006-0707 | 1 Pyblosxom | 1 Pyblosxom | 2025-04-03 | 5.0 MEDIUM | N/A |
| PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable. | |||||
| CVE-2005-3747 | 1 Mortbay | 1 Jetty | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash ("%5C") characters. NOTE: this might be the same issue as CVE-2006-2758. | |||||
| CVE-2002-2349 | 1 Phpbb | 1 Phpbbmod | 2025-04-03 | 5.0 MEDIUM | N/A |
| phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information. | |||||
| CVE-2006-1367 | 1 Motorola | 2 Pebl U6, V600 | 2025-04-03 | 6.8 MEDIUM | N/A |
| The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the Motorola E398 and other Motorola P2K-based phones does not require pairing for a connection related to the Headset Audio Gateway service, which allows user-assisted remote attackers to obtain AT level access and view phonebook entries and saved SMS messages by connecting on Bluetooth channel 3 and tricking the user into pressing Grant, aka a "Blueline" attack. NOTE: while user-assisted, the attack is made more feasible because of a GUI misrepresentation issue that allows a default message to be replaced by an attacker-specified one. | |||||
| CVE-1999-0606 | 1 Seaside Enterprises | 1 Ezmall | 2025-04-03 | 5.0 MEDIUM | N/A |
| An incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information. | |||||
| CVE-1999-0372 | 1 Microsoft | 3 Backoffice, Windows 2000, Windows Nt | 2025-04-03 | 2.1 LOW | N/A |
| The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted. | |||||
| CVE-2006-3561 | 1 Bt | 1 Voyager 2091 Wireless Adsl Router | 2025-04-03 | 5.0 MEDIUM | N/A |
| BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh, PPP credentials via (2) btvoyager_getpppcreds.sh, and decode configuration credentials via (3) btvoyager_decoder.c. | |||||
| CVE-2006-2900 | 2 Canon, Microsoft | 2 Network Camera Server Vb101, Ie | 2025-04-03 | 4.0 MEDIUM | N/A |
| Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. | |||||
| CVE-2005-3398 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 4.3 MEDIUM | N/A |
| The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers. | |||||
| CVE-2003-0456 | 1 Deerfield | 1 Visnetic Website | 2025-04-03 | 5.0 MEDIUM | N/A |
| VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe. | |||||
| CVE-2000-0132 | 1 Microsoft | 1 Virtual Machine | 2025-04-03 | 2.6 LOW | N/A |
| Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function. | |||||
| CVE-1999-0059 | 1 Sgi | 1 Irix | 2025-04-03 | 7.1 HIGH | 7.3 HIGH |
| IRIX fam service allows an attacker to obtain a list of all files on the server. | |||||
| CVE-2006-2341 | 1 Symantec | 2 Enterprise Firewall, Gateway Security | 2025-04-03 | 5.0 MEDIUM | N/A |
| The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI. | |||||
| CVE-2006-2535 | 1 Greg Donald | 1 Destiney Links Script | 2025-04-03 | 5.0 MEDIUM | N/A |
| index.php in Destiney Links Script 2.1.2 allows remote attackers to obtain the installation path via an invalid show parameter referencing a non-existent file, which reveals the path in the resulting error message. NOTE: this issue might be resultant from a more serious issue such as directory traversal. | |||||
| CVE-2006-4006 | 1 Bomberclone | 1 Bomberclone | 2025-04-03 | 5.0 MEDIUM | N/A |
| The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory. | |||||
| CVE-2003-1398 | 1 Cisco | 1 Ios | 2025-04-03 | 9.3 HIGH | N/A |
| Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification). | |||||
| CVE-2002-2276 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-03 | 5.0 MEDIUM | N/A |
| Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message. | |||||
| CVE-2006-0861 | 1 Michael Salzer | 1 Guestbox | 2025-04-03 | 5.0 MEDIUM | N/A |
| Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to obtain the source IP addresses of guestbook entries via a direct request to /gb/gblog. | |||||