Vulnerabilities > Information Exposure

DATE CVE VULNERABILITY TITLE RISK
2005-11-04 CVE-2005-3498 Information Exposure vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information.
network
ibm CWE-200
4.3
2005-11-01 CVE-2005-3398 Information Exposure vulnerability in Sun Solaris and SunOS
The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.
network
sun CWE-200
4.3
2005-11-01 CVE-2005-2752 Information Exposure vulnerability in Apple Mac OS X and Mac OS X Server
An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406.
local
low complexity
apple CWE-200
2.1
2005-10-27 CVE-2005-3088 Information Exposure vulnerability in Fetchmail 6.2.0/6.2.5/6.2.5.2
fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.
local
low complexity
fetchmail CWE-200
2.1
2005-06-16 CVE-2005-2036 Information Exposure vulnerability in Cool Cafe Chat 1.2.1
modifyUser.asp in Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to obtain the administrator password and email address via a modified nickname value.
network
low complexity
cool-cafe-chat CWE-200
7.5
2005-05-02 CVE-2005-1028 Information Exposure vulnerability in PHP-Nuke
PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message.
network
low complexity
phpnuke CWE-200
5.0
2005-03-15 CVE-2005-0797 Remote Information Disclosure vulnerability in Novell iChain Mini FTP Server
Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.
network
low complexity
novell CWE-200
5.0
2004-12-31 CVE-2004-2748 Information Exposure vulnerability in WebTrends Reporting Center 6.1A
viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message.
network
webtrends CWE-200
4.3
2004-12-31 CVE-2004-2320 Information Exposure vulnerability in BEA WebLogic Server
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
network
bea CWE-200
5.8
2004-08-04 CVE-2004-1367 Information Exposure vulnerability in Oracle products
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.
local
oracle CWE-200
4.4