Vulnerabilities (CVE)

Filtered by CWE-200
Total 9285 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-1567 1 Microsoft 1 Internet Information Services 2026-06-16 5.8 MEDIUM 7.5 HIGH
The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE.
CVE-2003-1561 1 Opera 1 Opera 2026-06-16 4.3 MEDIUM N/A
Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
CVE-2003-1560 1 Netscape 1 Navigator 2026-06-16 5.0 MEDIUM N/A
Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
CVE-2003-1559 1 Microsoft 2 Ie, Internet Explorer 2026-06-16 5.0 MEDIUM N/A
Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
CVE-2003-1555 1 Scoznet 1 Scozbook 2026-06-16 5.0 MEDIUM N/A
ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message.
CVE-2003-1553 1 Sips 1 Sips 2026-06-16 4.3 MEDIUM N/A
Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory.
CVE-2003-1550 1 Xoops 1 Xoops 2026-06-16 5.0 MEDIUM N/A
XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message.
CVE-2003-1548 1 Myabracadaweb 1 Myabracadaweb 2026-06-16 5.0 MEDIUM N/A
MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sensitive information via an invalid IDAdmin or other parameter, which reveals the installation path in an error message.
CVE-2003-1540 1 Wfchat 1 Wfchat 2026-06-16 5.0 MEDIUM N/A
WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to (1) !pwds.txt and (2) !nicks.txt.
CVE-2003-1535 1 Justice Media 1 Guestbook 2026-06-16 5.0 MEDIUM N/A
Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message.
CVE-2003-1526 1 Francisco Burzi 1 Php-nuke 2026-06-16 5.0 MEDIUM N/A
PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message.
CVE-2003-1517 1 Dansie 1 Shopping Cart 2026-06-16 5.0 MEDIUM N/A
cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message.
CVE-2003-1486 1 Phorum 1 Phorum 2026-06-16 5.0 MEDIUM N/A
Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message.
CVE-2003-1481 1 Stalker 1 Communigate Pro 2026-06-16 5.8 MEDIUM N/A
CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer.
CVE-2003-1469 2 Macromedia, Microsoft 5 Coldfusion, Coldfusion Professional, Windows 2000 and 2 more 2026-06-16 5.0 MEDIUM N/A
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.
CVE-2003-1468 1 Francisco Burzi 1 Php-nuke 2026-06-16 4.3 MEDIUM N/A
The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message.
CVE-2003-1418 1 Apache 1 Http Server 2026-06-16 4.3 MEDIUM N/A
Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
CVE-2003-1409 1 Ej3 1 Topo 2026-06-16 5.0 MEDIUM N/A
TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message.
CVE-2003-1408 1 Lotus 1 Domino Server 2026-06-16 5.0 MEDIUM N/A
Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot.
CVE-2003-1404 1 Dotbr 1 Botbr 2026-06-16 7.5 HIGH N/A
DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords.