Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6791 | 1 Microsoft | 1 Enhanced Mitigation Experience Toolkit | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 uses predictable addresses for hooked functions, which makes it easier for context-dependent attackers to defeat the ASLR protection mechanism via a return-oriented programming (ROP) attack.
|
|||||
| CVE-2014-1637 | 1 Doug Poulin | 1 Command School Student Management System | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/backup_ray2.php, which allows remote attackers to download a database backup via a direct request.
|
|||||
| CVE-2014-1930 | 1 Visibility Software | 1 Cyber Recruiter | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.
|
|||||
| CVE-2013-3233 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.9 MEDIUM | N/A |
|
The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
|
|||||
| CVE-2010-2975 | 1 Cisco | 1 Unified Wireless Network Solution Software | 2025-04-11 | 2.1 LOW | N/A |
|
Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate attackers to read a password, related to an "arrow key failure," aka Bug ID CSCtg51544.
|
|||||
| CVE-2012-4909 | 1 Google | 2 Android, Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application.
|
|||||
| CVE-2012-0837 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator."
|
|||||
| CVE-2013-1140 | 1 Cisco | 1 Security Monitoring Analysis And Response System | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093.
|
|||||
| CVE-2013-1831 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.0 MEDIUM | N/A |
|
lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message.
|
|||||
| CVE-2012-0328 | 1 Janetter | 1 Janetter | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Janetter before 3.3.0.0 (aka 3.3.0) allows remote attackers to obtain session information for twitter.com web sites via unspecified vectors.
|
|||||
| CVE-2010-4072 | 5 Canonical, Debian, Linux and 2 more | 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more | 2025-04-11 | 1.9 LOW | N/A |
|
The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."
|
|||||
| CVE-2011-3721 | 1 Concrete5 | 1 Concrete | 2025-04-11 | 5.0 MEDIUM | N/A |
|
concrete 5.4.0.5, 5.4.1, and 5.4.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/spellchecker_service.php and certain other files.
|
|||||
| CVE-2010-3417 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Google Chrome before 6.0.472.59 does not prompt the user before granting access to the extension history, which allows attackers to obtain potentially sensitive information via unspecified vectors.
|
|||||
| CVE-2011-3757 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Moodle 2.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by webservice/xmlrpc/locallib.php and certain other files.
|
|||||
| CVE-2012-1223 | 1 Rabidhamster | 1 R2\/extreme | 2025-04-11 | 5.0 MEDIUM | N/A |
|
RabidHamster R2/Extreme 1.65 and earlier uses a small search space of values for the PIN number, which allows remote attackers to obtain the PIN number via a brute force attack.
|
|||||
| CVE-2011-1713 | 1 Microsoft | 2 Internet Explorer, Windows 7 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: this might overlap CVE-2011-1202.
|
|||||
| CVE-2010-1860 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature.
|
|||||
| CVE-2012-3319 | 1 Ibm | 1 Rational Business Developer | 2025-04-11 | 5.0 MEDIUM | N/A |
|
IBM Rational Business Developer 8.x before 8.0.1.4 allows remote attackers to obtain potentially sensitive information via a connection to a web service created with the Rational Business Developer product.
|
|||||
| CVE-2011-0178 | 1 Apple | 3 Carboncore, Mac Os X, Mac Os X Server | 2025-04-11 | 2.1 LOW | N/A |
|
The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory.
|
|||||
| CVE-2013-3469 | 1 Cisco | 1 Mobility Services Engine | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Cisco Mobility Services Engine does not properly set up the Oracle SSL service, which allows remote attackers to obtain an unauthenticated session to the database-replication port, and consequently obtain sensitive information, via an SSL connection, aka Bug ID CSCue50794.
|
|||||
| CVE-2011-4457 | 1 Owasp-java-html-sanitizer Project | 1 Owasp-java-html-sanitizer | 2025-04-11 | 2.6 LOW | N/A |
|
OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.
|
|||||
| CVE-2013-0519 | 1 Ibm | 1 Sterling Secure Proxy | 2025-04-11 | 5.0 MEDIUM | N/A |
|
IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 provides web-server version data in (1) an unspecified page title and (2) an unspecified HTTP header field, which allows remote attackers to obtain potentially sensitive information by reading a version string.
|
|||||
| CVE-2013-3442 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.
|
|||||
| CVE-2011-2536 | 1 Digium | 1 Asterisk | 2025-04-11 | 5.0 MEDIUM | N/A |
|
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests.
|
|||||
| CVE-2011-0711 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 3 more | 2025-04-11 | 2.1 LOW | N/A |
|
The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.
|
|||||
| CVE-2010-3348 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342.
|
|||||
| CVE-2011-3697 | 1 Achievo | 1 Achievo | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraph_radar.php and certain other files.
|
|||||
| CVE-2012-3733 | 1 Apple | 1 Iphone Os | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain potentially sensitive information about alternate e-mail addresses in opportunistic circumstances by reading a reply.
|
|||||
| CVE-2013-2273 | 1 Bitcoin | 3 Bitcoin-qt, Bitcoin Core, Bitcoind | 2025-04-11 | 5.0 MEDIUM | N/A |
|
bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain potentially sensitive information about returned change by leveraging certain predictability in the outputs of a Bitcoin transaction.
|
|||||
| CVE-2012-3796 | 1 Pro-face | 2 Pro-server Ex, Wingp Pc Runtime | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to obtain sensitive information from daemon memory via a crafted packet with a certain opcode.
|
|||||
| CVE-2012-3735 | 1 Apple | 1 Iphone Os | 2025-04-11 | 2.1 LOW | N/A |
|
The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen.
|
|||||
| CVE-2011-3723 | 1 Craftysyntax | 1 Crafty Syntax | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by README_FILES/livehelp.php and certain other files.
|
|||||
| CVE-2013-7224 | 1 Fatfreecrm | 1 Fat Free Crm | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json.
|
|||||
| CVE-2012-3749 | 1 Apple | 1 Iphone Os | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app.
|
|||||
| CVE-2011-3580 | 1 Icewarp | 1 Mail Server | 2025-04-11 | 5.0 MEDIUM | N/A |
|
IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function.
|
|||||
| CVE-2011-2983 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free.
|
|||||
| CVE-2010-4112 | 1 Hp | 1 Insight Management Agents | 2025-04-11 | 5.0 MEDIUM | N/A |
|
HP Insight Management Agents before 8.6 allows remote attackers to obtain sensitive information via an unspecified request that triggers disclosure of the full path.
|
|||||
| CVE-2013-1665 | 1 Openstack | 2 Folsom, Keystone Essex | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.
|
|||||
| CVE-2010-1230 | 1 Google | 1 Chrome | 2025-04-11 | 10.0 HIGH | N/A |
|
Google Chrome before 4.1.249.1036 does not have the expected behavior for attempts to delete Web SQL Databases and clear the Strict Transport Security (STS) state, which has unspecified impact and attack vectors.
|
|||||
| CVE-2013-0792 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image.
|
|||||