Total: 9615 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4301 | 1 Mediawiki | 1 Mediawiki | 2025-04-11 | 5.0 MEDIUM | N/A |
| includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to obtain sensitive information via a "<" (open angle bracket) character in the lang parameter to w/load.php, which reveals the installation path in an error message. | | | | | |
| CVE-2011-3768 | 1 Phorum | 1 Phorum | 2025-04-11 | 5.0 MEDIUM | N/A |
| Phorum 5.2.15a allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by css.php and certain other files. | | | | | |
| CVE-2012-6546 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | 1.9 LOW | N/A |
| The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | | | | | |
| CVE-2011-2088 | 2 Apache, Opensymphony | 3 Struts, Webwork, Xwork | 2025-04-11 | 5.0 MEDIUM | N/A |
| XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3. | | | | | |
| CVE-2012-4429 | 1 David King | 1 Vino | 2025-04-11 | 5.0 MEDIUM | N/A |
| Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900. | | | | | |
| CVE-2012-5473 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
| The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to read activity entries of a different group's users via an advanced search. | | | | | |
| CVE-2010-0648 | 1 Mozilla | 1 Firefox | 2025-04-11 | 4.3 MEDIUM | N/A |
| Mozilla Firefox, possibly before 3.6, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element. | | | | | |
| CVE-2013-3234 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.9 MEDIUM | N/A |
| The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. | | | | | |
| CVE-2013-5054 | 1 Microsoft | 2 Office, Office 2013 Rt | 2025-04-11 | 4.3 MEDIUM | N/A |
| Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in 2013, aka "Token Hijacking Vulnerability." | | | | | |
| CVE-2012-5765 | 1 Ibm | 1 Rational Clearquest | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message. | | | | | |
| CVE-2010-1862 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
| The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | | | | | |
| CVE-2012-5652 | 1 Drupal | 1 Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
| Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result. | | | | | |
| CVE-2011-2909 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.9 MEDIUM | N/A |
| The do_devinfo_ioctl function in drivers/staging/comedi/comedi_fops.c in the Linux kernel before 3.1 allows local users to obtain sensitive information from kernel memory via a copy of a short string. | | | | | |
| CVE-2011-0579 | 6 Adobe, Apple, Google and 3 more | 6 Flash Player, Mac Os X, Android and 3 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors. | | | | | |
| CVE-2013-3972 | 1 Ibm | 1 Maximo Asset Management | 2025-04-11 | 4.0 MEDIUM | N/A |
| IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors. | | | | | |
| CVE-2008-7281 | 1 Otrs | 1 Otrs | 2025-04-11 | 4.3 MEDIUM | N/A |
| Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipients, which allows remote attackers to obtain potentially sensitive e-mail address information by reading this field. | | | | | |
| CVE-2012-1858 | 1 Microsoft | 9 Internet Explorer, Lync, Office Communicator and 6 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability." | | | | | |
| CVE-2013-6789 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | 5.0 MEDIUM | N/A |
| security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653. | | | | | |
| CVE-2011-3765 | 1 Open-realty | 1 Open-realty | 2025-04-11 | 5.0 MEDIUM | N/A |
| Open-Realty 2.5.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/versions/upgrade_115.inc.php and certain other files. | | | | | |
| CVE-2013-4112 | 2 Jgroups, Redhat | 2 Jgroup, Jboss Enterprise Application Platform | 2025-04-11 | 5.4 MEDIUM | N/A |
| The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials. | | | | | |
| CVE-2010-4760 | 1 Otrs | 1 Otrs | 2025-04-11 | 3.5 LOW | N/A |
| Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket. | | | | | |
| CVE-2013-1928 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | 4.7 MEDIUM | N/A |
| The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. | | | | | |
| CVE-2011-3126 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 5.0 MEDIUM | N/A |
| WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attackers to determine usernames of non-authors via canonical redirects. | | | | | |
| CVE-2011-3803 | 1 Sugarcrm | 1 Sugarcrm | 2025-04-11 | 5.0 MEDIUM | N/A |
| SugarCRM 6.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files. | | | | | |
| CVE-2009-5112 | 1 Iwork | 1 Webglimpse | 2025-04-11 | 5.0 MEDIUM | N/A |
| wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to obtain the installation path via a crafted request. | | | | | |
| CVE-2013-1231 | 1 Cisco | 2 Webex Meetings Server, Webex Node For Mcs | 2025-04-11 | 5.0 MEDIUM | N/A |
| The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629. | | | | | |
| CVE-2012-3034 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-11 | 4.3 MEDIUM | N/A |
| WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified methods in ActiveX controls. | | | | | |
| CVE-2010-2754 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 5.0 MEDIUM | N/A |
| dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. | | | | | |
| CVE-2010-2612 | 1 Hp | 2 Openvms, Openvms For Integrity Servers | 2025-04-11 | 2.1 LOW | N/A |
| Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVMS ALPHA 7.3-2, 8.2, and 8.3; and OpenVMS for Integrity Servers 8.3 and 8.3-1H1; allows local users to obtain sensitive information via unknown vectors. | | | | | |
| CVE-2011-3767 | 1 Oscommerce | 1 Oscommerce | 2025-04-11 | 5.0 MEDIUM | N/A |
| osCommerce 3.0a5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by redirect.php. | | | | | |
| CVE-2012-3829 | 1 Joomla | 1 Joomla! | 2025-04-11 | 5.0 MEDIUM | N/A |
| Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header. | | | | | |
| CVE-2012-3519 | 1 Tor | 1 Tor | 2025-04-11 | 5.0 MEDIUM | N/A |
| routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack. | | | | | |
| CVE-2012-4005 | 1 Naver | 1 Nhn Japan Naver Line | 2025-04-11 | 5.0 MEDIUM | N/A |
| The NHN Japan NAVER LINE application before 2.5.5 for Android does not properly handle implicit intents, which allows remote attackers to obtain sensitive message information via a crafted application. | | | | | |
| CVE-2011-3829 | 1 Sitracker | 1 Support Incident Tracker | 2025-04-11 | 4.0 MEDIUM | N/A |
| ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message. | | | | | |
| CVE-2011-4738 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by get_password.php and certain other files. | | | | | |
| CVE-2013-6953 | 1 Dotnetblogengine | 1 Blogengine.net | 2025-04-11 | 5.0 MEDIUM | N/A |
| BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file. | | | | | |
| CVE-2012-1466 | 1 Netmechanica | 1 Netdecision | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the source code of NetDecision script files with a .nd extension via an invalid version number in an HTTP request, as demonstrated using default.nd. NOTE: some of these details are obtained from third party information. | | | | | |
| CVE-2010-0385 | 1 Tor | 1 Tor | 2025-04-11 | 5.0 MEDIUM | N/A |
| Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functioning as a bridge directory authority, allows remote attackers to obtain sensitive information about bridge identities and bridge descriptors via a dbg-stability.txt directory query. | | | | | |
| CVE-2012-5589 | 2 Drupal, Netgenius | 2 Drupal, Multilink | 2025-04-11 | 3.5 LOW | N/A |
| The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link. | | | | | |
| CVE-2012-2302 | 2 Drupal, Nancy Wichmann | 2 Drupal, Sitedoc | 2025-04-11 | 5.0 MEDIUM | N/A |
| Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors. | | | | | |