Vulnerabilities (CVE)

Filtered by CWE-200
Total 9280 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-0001 4 Freebsd, Linux, Microsoft and 1 more 5 Freebsd, Linux Kernel, Windows 2000 and 2 more 2026-06-16 5.0 MEDIUM N/A
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
CVE-2002-2436 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2026-06-16 4.3 MEDIUM N/A
The Cascading Style Sheets (CSS) implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
CVE-2002-2435 1 Microsoft 2 Ie, Internet Explorer 2026-06-16 4.3 MEDIUM N/A
The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
CVE-2002-2410 1 Open Webmail 1 Open Webmail 2026-06-16 5.0 MEDIUM N/A
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information.
CVE-2002-2409 1 Qnx 2 Neutrino Rtos, Photon Microgui 2026-06-16 3.5 LOW N/A
Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID.
CVE-2002-2380 2 Arescom, Microsoft 2 Netdsl, Network Firmware 2026-06-16 6.4 MEDIUM N/A
NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic.
CVE-2002-2369 1 Perception 1 Liteserve 2026-06-16 5.0 MEDIUM N/A
Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL.
CVE-2002-2349 1 Phpbb 1 Phpbbmod 2026-06-16 5.0 MEDIUM N/A
phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information.
CVE-2002-2346 1 Phpbb 1 Phpbb 2026-06-16 5.0 MEDIUM N/A
phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses.
CVE-2002-2342 1 Joe Depasquale 1 Bannermatic 2026-06-16 5.0 MEDIUM N/A
Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.dat and (4) banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files.
CVE-2002-2317 1 Symantec 1 Velociraptor 2026-06-16 7.8 HIGH N/A
Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method.
CVE-2002-2289 1 Working Resources Inc. 1 Badblue 2026-06-16 5.0 MEDIUM N/A
soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords.
CVE-2002-2288 1 Mambo 1 Site Server 2026-06-16 5.0 MEDIUM N/A
Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message.
CVE-2002-2276 1 Ultimate Php Board 1 Ultimate Php Board 2026-06-16 5.0 MEDIUM N/A
Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message.
CVE-2002-1718 1 Microsoft 1 Internet Information Services 2026-06-16 5.0 MEDIUM N/A
Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains .. (dot dot) sequences.
CVE-2002-1717 1 Microsoft 1 Internet Information Services 2026-06-16 5.0 MEDIUM N/A
Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf.
CVE-2002-1432 1 Coxco Support 7 A-cart, Metacart, Midicart Asp and 4 more 2026-06-16 5.0 MEDIUM N/A
MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database.
CVE-2002-0812 2 Hpe, Proxim 6 Compaq Wl310, Compaq Wl310 Firmware, Orinoco Rg-1000 and 3 more 2026-06-16 6.4 MEDIUM N/A
Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string.
CVE-2002-0596 1 Webtrends 1 Reporting Center 2026-06-16 5.0 MEDIUM N/A
WebTrends Reporting Center 4.0d allows remote attackers to determine the real path of the web server via a GET request to get_od_toc.pl with an empty Profile parameter, which leaks the pathname in an error message.
CVE-2002-0422 1 Microsoft 1 Internet Information Services 2026-06-16 2.6 LOW N/A
IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.