Security Vulnerabilities, CVEs, Published In 2005 (Information Leak) CVSS score >= 6
TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables.
Max CVSS
7.5
EPSS Score
0.76%
Published
2005-12-31
Updated
2017-08-08
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
Max CVSS
7.8
EPSS Score
0.11%
Published
2005-12-31
Updated
2019-03-25
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
Max CVSS
7.1
EPSS Score
95.49%
Published
2005-12-08
Updated
2021-07-23
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication.
Max CVSS
6.4
EPSS Score
1.60%
Published
2005-11-21
Updated
2017-07-11
modifyUser.asp in Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to obtain the administrator password and email address via a modified nickname value.
Max CVSS
7.5
EPSS Score
0.74%
Published
2005-06-16
Updated
2020-02-10
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.
Max CVSS
10.0
EPSS Score
5.32%
Published
2005-01-10
Updated
2018-10-30
6 vulnerabilities found