Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-5069 | 1 Google | 1 Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The Cascading Style Sheets (CSS) implementation in Google Chrome 4 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. NOTE: this may overlap CVE-2010-2264.
|
|||||
| CVE-2011-3728 | 1 Boonex | 1 Dolphin | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files.
|
|||||
| CVE-2012-0687 | 1 Tibco | 7 Activematrix Bpm, Activematrix Businessworks, Activematrix Businessworks Service Engine and 4 more | 2025-04-11 | 5.0 MEDIUM | N/A |
|
TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5 ...
Show More |
|||||
| CVE-2011-4756 | 1 Parallels | 1 Parallels Plesk Small Business Panel | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by domains/sitebuilder_edit.php and certain other files.
|
|||||
| CVE-2012-1586 | 1 Debian | 1 Cifs-utils | 2025-04-11 | 2.1 LOW | N/A |
|
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
|
|||||
| CVE-2012-6515 | 1 Efrontlearning | 1 Efront | 2025-04-11 | 5.0 MEDIUM | N/A |
|
eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid courses_ID parameter in the lesson_info module to index.php, which reveals the installation path in an error message.
|
|||||
| CVE-2012-2422 | 1 Intuit | 1 Quickbooks | 2025-04-11 | 2.9 LOW | N/A |
|
Intuit QuickBooks 2009 through 2012 might allow remote attackers to obtain pathname information via the qbwc://docontrol/GetCompanyFile functionality.
|
|||||
| CVE-2011-1820 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-11 | 1.7 LOW | N/A |
|
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) does not properly handle the ibm-auditAttributesOnGroupEvalOp setting for auditing of extended operations, which might allow attackers to obtain sensitive information by reading the audit log.
|
|||||
| CVE-2011-3769 | 1 Blondish | 1 Phpads | 2025-04-11 | 5.0 MEDIUM | N/A |
|
PHPads 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by ads.inc.php.
|
|||||
| CVE-2011-3786 | 1 Phprojekt | 1 Phprojekt | 2025-04-11 | 5.0 MEDIUM | N/A |
|
PHProjekt 6.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Setup/Controllers/IndexController.php.
|
|||||
| CVE-2011-4817 | 1 Ibm | 6 Maximo Asset Management, Maximo Asset Management Essentials, Maximo Service Desk and 3 more | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account.
|
|||||
| CVE-2013-1030 | 1 Apple | 1 Mac Os X | 2025-04-11 | 2.1 LOW | N/A |
|
mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process.
|
|||||
| CVE-2013-4698 | 1 Cybozu | 1 Mailwise | 2025-04-11 | 3.5 LOW | N/A |
|
Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users to obtain sensitive e-mail content intended for different persons in opportunistic circumstances by reading Subject header lines within the user's own mailbox.
|
|||||
| CVE-2011-2153 | 1 Smartertools | 1 Smarterstats | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discover credentials by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, related to a "cross-domain Referer leakage" issue.
|
|||||
| CVE-2013-4069 | 1 Ibm | 1 Spss Collaboration And Deployment Services | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
|
|||||
| CVE-2011-3766 | 1 Orangehrm | 1 Orangehrm | 2025-04-11 | 5.0 MEDIUM | N/A |
|
OrangeHRM 2.6.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/orange/menu/Menu.php and certain other files.
|
|||||
| CVE-2013-1944 | 2 Canonical, Haxx | 3 Ubuntu Linux, Curl, Libcurl | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.
|
|||||
| CVE-2012-1243 | 2 Google, Studiohitori | 2 Android, Twitrocker2 Android | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The TwitRocker2 application before 1.0.23 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
|
|||||
| CVE-2013-6656 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The XSSAuditor::init function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, processes POST requests by using the body of a redirecting page instead of the body of a redirect target, which allows remote attackers to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2012-4116 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete the authentication process for a server connection, by sniffing the network, aka Bug ID CSCtr72970.
|
|||||
| CVE-2013-3237 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.9 MEDIUM | N/A |
|
The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
|
|||||
| CVE-2013-6419 | 1 Openstack | 1 Havana | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron.
|
|||||
| CVE-2012-5615 | 2 Mariadb, Oracle | 2 Mariadb, Mysql | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
|
|||||
| CVE-2011-3798 | 1 Rapidleech | 1 Rapidleech | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Rapid Leech 2.3-v42-svn322 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by classes/pear.php and certain other files.
|
|||||
| CVE-2010-2484 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler.
|
|||||
| CVE-2013-0212 | 2 Canonical, Openstack | 2 Ubuntu Linux, Image Registry And Delivery Service \(glance\) | 2025-04-11 | 4.0 MEDIUM | N/A |
|
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.
|
|||||
| CVE-2011-4872 | 1 Htc | 9 Desire Hd, Desire S, Droid Incredible and 6 more | 2025-04-11 | 2.6 LOW | N/A |
|
Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class.
|
|||||
| CVE-2012-3493 | 1 Condor Project | 1 Condor | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId.
|
|||||
| CVE-2011-3806 | 1 Tecnick | 1 Tcexam | 2025-04-11 | 5.0 MEDIUM | N/A |
|
TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php and certain other files.
|
|||||
| CVE-2011-0774 | 1 Pivotx | 1 Pivotx | 2025-04-11 | 5.0 MEDIUM | N/A |
|
PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message.
|
|||||
| CVE-2011-4740 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates web pages containing external links in response to GET requests with query strings for smb/app/search-data/catalogId/marketplace and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.
|
|||||
| CVE-2012-1171 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.
|
|||||
| CVE-2011-3736 | 1 Exoscripts | 1 Exophpdesk | 2025-04-11 | 5.0 MEDIUM | N/A |
|
ExoPHPDesk 1.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by upgrades/upgrade9.php and certain other files.
|
|||||
| CVE-2013-1615 | 1 Symantec | 2 Security Information Manager, Security Information Manager Appliance | 2025-04-11 | 2.9 LOW | N/A |
|
The management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote attackers to obtain sensitive information via unspecified web-GUI API calls.
|
|||||
| CVE-2010-0551 | 1 Geopp | 1 Geo\+\+ Gncaster | 2025-04-11 | 5.0 MEDIUM | N/A |
|
HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to read authentication headers of other users via a large request with an incorrect authentication attempt, which includes sensitive memory in the response. NOTE: this is referred to as a "memory leak" by some sources, but is better characterized as "memory disclosure."
|
|||||
| CVE-2012-4254 | 1 Mysqldumper | 1 Mysqldumper | 2025-04-11 | 4.3 MEDIUM | N/A |
|
MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php.
|
|||||
| CVE-2012-3249 | 1 Hp | 1 Fortify Software Security Center | 2025-04-11 | 4.0 MEDIUM | N/A |
|
HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2011-4760 | 1 Parallels | 1 Parallels Plesk Small Business Panel | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/email-address/list and certain other files.
|
|||||
| CVE-2013-4044 | 1 Ibm | 1 Spss Collaboration And Deployment Services | 2025-04-11 | 4.0 MEDIUM | N/A |
|
IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote authenticated users to read application log files via a direct HTTP request.
|
|||||
| CVE-2010-2097 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.
|
|||||