Total: 9172 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-30569 | 1 Netgear | 2 R6850, R6850 Firmware | 2025-04-04 | N/A | 7.5 HIGH |
An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. | |||||
CVE-2024-30570 | 1 Netgear | 2 R6850, R6850 Firmware | 2025-04-04 | N/A | 5.3 MEDIUM |
An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. | |||||
CVE-2024-30571 | 1 Netgear | 2 R6850, R6850 Firmware | 2025-04-04 | N/A | 7.5 HIGH |
An information leak in the BRS_top.html component of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. | |||||
CVE-2024-6612 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 5.3 MEDIUM |
CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128 and Thunderbird < 128. | |||||
CVE-2024-43283 | 1 Contest-gallery | 1 Contest Gallery | 2025-04-04 | N/A | 5.3 MEDIUM |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Contest Gallery. This issue affects Contest Gallery: from n/a through 23.1.2. | |||||
CVE-2022-39193 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | N/A | 5.3 MEDIUM |
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression rights. | |||||
CVE-2003-1561 | 1 Opera | 1 Opera | 2025-04-03 | 4.3 MEDIUM | N/A |
Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||||
CVE-2004-2320 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.8 MEDIUM | N/A |
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. | |||||
CVE-2005-4368 | 1 Roundcube | 1 Webmail | 2025-04-03 | 5.0 MEDIUM | N/A |
roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message. | |||||
CVE-2003-1548 | 1 Myabracadaweb | 1 Myabracadaweb | 2025-04-03 | 5.0 MEDIUM | N/A |
MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sensitive information via an invalid IDAdmin or other parameter, which reveals the installation path in an error message. | |||||
CVE-2006-3365 | 1 V3 Chat | 1 V3 Chat | 2025-04-03 | 2.6 LOW | N/A |
V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement. | |||||
CVE-2005-4214 | 1 Coinsoft Technologies | 1 Phpcoin | 2025-04-03 | 5.0 MEDIUM | N/A |
phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined. | |||||
CVE-2002-2410 | 1 Open Webmail | 1 Open Webmail | 2025-04-03 | 5.0 MEDIUM | N/A |
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information. | |||||
CVE-2006-1367 | 1 Motorola | 2 Pebl U6, V600 | 2025-04-03 | 6.8 MEDIUM | N/A |
The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the Motorola E398 and other Motorola P2K-based phones do not require pairing for a connection related to the Headset Audio Gateway service, which allows user-assisted remote attackers to obtain AT level access and view phonebook entries and saved SMS messages by connecting on Bluetooth channel 3 and tricking the user into pressing Grant, aka a "Blueline" attack. NOTE: while user-assisted, the attack is made more feasible because of a GUI misrepresentation issue that allows a default message to be replaced by an attacker-specified one. | |||||
CVE-2003-1409 | 1 Ej3 | 1 Topo | 2025-04-03 | 5.0 MEDIUM | N/A |
TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message. | |||||
CVE-2003-1535 | 1 Justice Media | 1 Guestbook | 2025-04-03 | 5.0 MEDIUM | N/A |
Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message. | |||||
CVE-2006-0861 | 1 Michael Salzer | 1 Guestbox | 2025-04-03 | 5.0 MEDIUM | N/A |
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to obtain the source IP addresses of guestbook entries via a direct request to /gb/gblog. | |||||
CVE-2003-1553 | 1 Sips | 1 Sips | 2025-04-03 | 4.3 MEDIUM | N/A |
Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory. | |||||
CVE-2003-1560 | 1 Netscape | 1 Navigator | 2025-04-03 | 5.0 MEDIUM | N/A |
Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||||
CVE-2003-1408 | 1 Lotus | 1 Domino Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot. |