Search Results (10764 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-0606 1 Seaside Enterprises 1 Ezmall 2026-04-16 N/A
An incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information.
CVE-1999-0605 1 Austin Contract Computing 1 Merchant Order Form 2026-04-16 N/A
An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information.
CVE-2005-2036 1 Cool Cafe Chat 1 Cool Cafe Chat 2026-04-16 N/A
modifyUser.asp in Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to obtain the administrator password and email address via a modified nickname value.
CVE-2003-1409 1 Ej3 1 Topo 2026-04-16 N/A
TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message.
CVE-2003-1418 1 Apache 1 Http Server 2026-04-16 N/A
Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
CVE-2003-1468 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message.
CVE-1999-0348 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory.
CVE-2003-1469 2 Macromedia, Microsoft 5 Coldfusion, Coldfusion Professional, Windows 2000 and 2 more 2026-04-16 N/A
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.
CVE-2003-1481 1 Stalker 1 Communigate Pro 2026-04-16 N/A
CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer.
CVE-2003-1486 1 Phorum 1 Phorum 2026-04-16 N/A
Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message.
CVE-2003-1517 1 Dansie 1 Shopping Cart 2026-04-16 N/A
cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message.
CVE-2003-1526 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message.
CVE-2003-1535 1 Justice Media 1 Guestbook 2026-04-16 N/A
Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message.
CVE-2003-1540 1 Wfchat 1 Wfchat 2026-04-16 N/A
WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to (1) !pwds.txt and (2) !nicks.txt.
CVE-2003-1548 1 Myabracadaweb 1 Myabracadaweb 2026-04-16 N/A
MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sensitive information via an invalid IDAdmin or other parameter, which reveals the installation path in an error message.
CVE-2003-1550 1 Xoops 1 Xoops 2026-04-16 N/A
XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message.
CVE-2003-1404 1 Dotbr 1 Botbr 2026-04-16 N/A
DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords.
CVE-2003-1553 1 Sips 1 Sips 2026-04-16 N/A
Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory.
CVE-2003-1555 1 Scoznet 1 Scozbook 2026-04-16 N/A
ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message.
CVE-2003-1559 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.