Vulnerabilities > Information Exposure
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-05-22 | CVE-2006-2535 | Information Exposure vulnerability in Greg Donald Destiney Links Script 2.1.2 index.php in Destiney Links Script 2.1.2 allows remote attackers to obtain the installation path via an invalid show parameter referencing a non-existent file, which reveals the path in the resulting error message. | 5.0 |
2006-05-15 | CVE-2006-2356 | Information Exposure vulnerability in Ipswitch Whatsup Professional 2006 NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter. | 5.0 |
2006-05-12 | CVE-2006-1439 | Information Exposure vulnerability in Apple mac OS X 10.4.6 NSSecureTextField in AppKit in Apple Mac OS X 10.4.6 does not re-enable secure event input under certain circumstances, which could allow other applications in the window session to monitor input characters and keyboard events. | 2.1 |
2006-05-12 | CVE-2006-2341 | Information Exposure vulnerability in Symantec Enterprise Firewall and Gateway Security The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI. | 5.0 |
2006-05-01 | CVE-2006-2111 | Information Exposure vulnerability in Microsoft Outlook Express 6.0 A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability." | 4.3 |
2006-02-23 | CVE-2006-0861 | Information Exposure vulnerability in Michael Salzer Guestbox 0.6 Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to obtain the source IP addresses of guestbook entries via a direct request to /gb/gblog. | 5.0 |
2006-02-15 | CVE-2006-0707 | Information Exposure vulnerability in Pyblosxom 1.2.1/1.3 PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable. | 5.0 |
2006-01-22 | CVE-2006-0353 | Information Exposure vulnerability in GNU LSH 2.0.1 unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys. | 3.6 |
2006-01-06 | CVE-2006-0103 | Information Exposure vulnerability in Ralph Capper Tinyphpforum TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information. | 5.0 |
2005-12-31 | CVE-2005-4875 | Information Exposure vulnerability in Typo3 0.4.1/1.1/3.7.0 TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables. | 7.5 |