myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages.
Max CVSS
5.0
EPSS Score
0.25%
Published
2008-07-09
Updated
2008-09-05
class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the id parameter, which reveals the installation path in an error message.
Max CVSS
4.3
EPSS Score
0.24%
Published
2008-07-09
Updated
2008-09-05
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
Max CVSS
5.0
EPSS Score
10.56%
Published
2008-02-12
Updated
2023-02-13
Layton HelpBox 3.7.1 generates different responses depending on whether or not a username is valid in a failed login attempt, which allows remote attackers to enumerate valid usernames.
Max CVSS
5.0
EPSS Score
0.40%
Published
2008-01-09
Updated
2017-07-29
X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.
Max CVSS
5.0
EPSS Score
0.05%
Published
2008-01-18
Updated
2018-10-15
2z project 0.9.6.1 allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid template or (2) a request to the default URI with certain year and month parameters, which reveals the path in various error messages.
Max CVSS
5.0
EPSS Score
0.36%
Published
2008-01-04
Updated
2018-10-15
Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core module Gallery application, (5) the slideshow in the Slideshow module, and (6) multiple Print modules.
Max CVSS
10.0
EPSS Score
1.33%
Published
2008-01-17
Updated
2008-11-15
goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than CVE-2002-1603.
Max CVSS
5.0
EPSS Score
1.80%
Published
2008-03-04
Updated
2017-09-29
Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls.
Max CVSS
5.0
EPSS Score
0.58%
Published
2008-02-12
Updated
2011-03-08
CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error.
Max CVSS
5.0
EPSS Score
0.97%
Published
2008-03-18
Updated
2017-08-08
CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set.
Max CVSS
6.8
EPSS Score
2.20%
Published
2008-03-18
Updated
2017-08-08
An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors.
Max CVSS
10.0
EPSS Score
80.95%
Published
2008-08-13
Updated
2018-10-15
SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse.
Max CVSS
5.0
EPSS Score
2.04%
Published
2008-07-08
Updated
2019-02-28
Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive information via a direct request to forum/whereami.asp, which reveals the database path.
Max CVSS
5.0
EPSS Score
0.38%
Published
2008-01-08
Updated
2018-10-15
WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure.
Max CVSS
5.0
EPSS Score
0.51%
Published
2008-01-10
Updated
2018-10-15
WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages.
Max CVSS
5.0
EPSS Score
0.57%
Published
2008-01-10
Updated
2018-10-15
PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to admin/backup_phpwebquest.php, which leaks the credentials in an error message if a call to /usr/bin/mysqldump fails. NOTE: this might only be an issue in limited environments.
Max CVSS
5.0
EPSS Score
1.27%
Published
2008-01-12
Updated
2017-10-11
PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output.
Max CVSS
5.0
EPSS Score
0.67%
Published
2008-01-16
Updated
2017-09-29
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
Max CVSS
5.0
EPSS Score
0.34%
Published
2008-01-19
Updated
2018-10-26
Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal.
Max CVSS
5.0
EPSS Score
0.38%
Published
2008-01-23
Updated
2018-10-15
modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10.
Max CVSS
9.3
EPSS Score
6.95%
Published
2008-02-12
Updated
2018-10-15
The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows local users to obtain sensitive information via unspecified vectors.
Max CVSS
4.9
EPSS Score
0.04%
Published
2008-02-05
Updated
2017-08-08
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.
Max CVSS
4.3
EPSS Score
0.61%
Published
2008-02-09
Updated
2018-10-15
Unspecified vulnerability in the 32-bit and 64-bit emulation in the Linux kernel 2.6.9, 2.6.18, and probably other versions allows local users to read uninitialized memory via unknown vectors involving a crafted binary.
Max CVSS
4.9
EPSS Score
0.04%
Published
2008-06-30
Updated
2017-09-29
Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x and 6.x allows remote attackers to obtain sensitive information via a direct request to About/SC_About.htm, which provides version and patch information.
Max CVSS
5.0
EPSS Score
1.36%
Published
2008-02-12
Updated
2018-10-15
190 vulnerabilities found
1 2 3 4 5 6 7 8
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!