Vulnerabilities > Information Exposure
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2003-12-31 | CVE-2003-1481 | Information Exposure vulnerability in Stalker Communigate PRO: CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer. | 5.8 |
2003-12-31 | CVE-2003-1469 | Information Exposure vulnerability in Macromedia Coldfusion and Coldfusion Professional: The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message. | 5.0 |
2003-12-31 | CVE-2003-1468 | Information Exposure vulnerability in Francisco Burzi PHP-Nuke: The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. | 4.3 |
2003-12-31 | CVE-2003-1418 | Information Exposure vulnerability in Apache Http Server: Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID). | 4.3 |
2003-12-31 | CVE-2003-1409 | Information Exposure vulnerability in EJ3 Topo 1.43: TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message. | 5.0 |
2003-12-31 | CVE-2003-1408 | Information Exposure vulnerability in Lotus Domino Server 5.0/6.0: Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot. | 5.0 |
2003-12-31 | CVE-2003-1404 | Information Exposure vulnerability in Dotbr Botbr 0.1: DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords. | 7.5 |
2003-12-31 | CVE-2003-1398 | Information Exposure vulnerability in Cisco IOS: Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification). | 9.3 |
2003-12-31 | CVE-2003-1379 | Information Exposure vulnerability in Point Clark Networks Clarkconnect 1.2: clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obtain sensitive information about the server via the characters (1) A, which reveals the date and time, (2) F, (3) M, which reveals 'ifconfig' information, (4) P, which lists the processes, (5) Y, which reveals the snort log files, or (6) b, which reveals /var/log/messages. | 5.0 |
2003-12-31 | CVE-2003-1366 | Information Exposure vulnerability in Openbsd: chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information. | 3.3 |