Export limit exceeded: 26070 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26070 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-1117 | 1 Ibm | 1 Lotus Notes | 2026-04-16 | N/A |
| The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method. | ||||
| CVE-2002-0208 | 1 Network.associates | 1 Pgpfire | 2026-04-16 | N/A |
| PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack and modifies packets in ICMP error messages in a way that allows remote attackers to determine that the system is running PGPfire. | ||||
| CVE-2002-0419 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages. CVE has REJECTED this vector; it is not a vulnerability because the information is already available through legitimate use, since authentication cannot proceed without specifying a scheme that is supported by both the client and the server. | ||||
| CVE-2002-2288 | 1 Mambo | 1 Site Server | 2026-04-16 | N/A |
| Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message. | ||||
| CVE-2003-1559 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | N/A |
| Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | ||||
| CVE-2003-1025 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." | ||||
| CVE-2004-0294 | 1 Yabbforumsoftware | 1 Yet Another Bulletin Board | 2026-04-16 | N/A |
| YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack. | ||||
| CVE-2003-1450 | 1 Bitchx | 1 Bitchx | 2026-04-16 | N/A |
| BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message. | ||||
| CVE-2002-0422 | 1 Microsoft | 1 Internet Information Services | 2026-04-16 | N/A |
| IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header. | ||||
| CVE-2006-2341 | 1 Symantec | 2 Enterprise Firewall, Gateway Security | 2026-04-16 | N/A |
| The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI. | ||||
| CVE-2003-1550 | 1 Xoops | 1 Xoops | 2026-04-16 | N/A |
| XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message. | ||||
| CVE-2003-1548 | 1 Myabracadaweb | 1 Myabracadaweb | 2026-04-16 | N/A |
| MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sensitive information via an invalid IDAdmin or other parameter, which reveals the installation path in an error message. | ||||
| CVE-2003-1440 | 1 Burton Computer Corporation | 1 Spamprobe | 2026-04-16 | N/A |
| SpamProbe 0.8a allows remote attackers to cause a denial of service (crash) via HTML e-mail with newline characters within an href tag, which is not properly handled by certain regular expressions. | ||||
| CVE-2000-0380 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string. | ||||
| CVE-2003-1463 | 2 Alt-n, Microsoft | 2 Webadmin, All Windows | 2026-04-16 | N/A |
| Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter. | ||||
| CVE-2003-0825 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Nt | 2026-04-16 | N/A |
| The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code. | ||||
| CVE-2003-1443 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2026-04-16 | N/A |
| Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files with MS-DOS device names in their filenames, which allows local users to bypass virus protection, as demonstrated using aux.vbs and aux.com. | ||||
| CVE-2003-1540 | 1 Wfchat | 1 Wfchat | 2026-04-16 | N/A |
| WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to (1) !pwds.txt and (2) !nicks.txt. | ||||
| CVE-2003-1471 | 1 Alt-n | 1 Mdaemon | 2026-04-16 | N/A |
| MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number. | ||||
| CVE-1999-0468 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | 8.2 High |
| Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component. | ||||