Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2715 | 1 Opera | 1 Opera Browser | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns.
|
|||||
| CVE-2009-0852 | 1 Stewart Howe | 1 Celerbb | 2025-04-09 | 5.0 MEDIUM | N/A |
|
showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter.
|
|||||
| CVE-2008-0994 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 2.6 LOW | N/A |
|
Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods.
|
|||||
| CVE-2009-4529 | 1 Intervations | 1 Navicopa Web Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs.
|
|||||
| CVE-2008-6342 | 2 Lobacher Patrick, Typo3 | 2 Simplefilebrowser, Typo3 | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the TYPO3 Simple File Browser (simplefilebrowser) extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors.
|
|||||
| CVE-2008-3896 | 1 Gnu | 1 Grub Legacy | 2025-04-09 | 2.1 LOW | N/A |
|
Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
|
|||||
| CVE-2009-3882 | 1 Sun | 3 Jdk, Jre, Openjdk | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026.
|
|||||
| CVE-2008-4412 | 1 Hp | 1 Systems Insight Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in HP Systems Insight Manager (SIM) before 5.2 Update 2 (C.05.02.02.00) allows remote attackers to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2007-0259 | 1 Ezboxx | 1 Ezboxx Portal System | 2025-04-09 | 7.8 HIGH | N/A |
|
Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to obtain sensitive information via an invalid cat parameter to boxx/knowledgebase.asp, which reveals the path in an error message.
|
|||||
| CVE-2008-6955 | 1 Infireal | 1 Mxcamarchive | 2025-04-09 | 7.5 HIGH | N/A |
|
mxCamArchive 2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain configuration details and passwords via a direct request for archive/config.ini.
|
|||||
| CVE-2009-2031 | 1 Sun | 1 Opensolaris | 2025-04-09 | 2.1 LOW | N/A |
|
smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount permissions are used, allows local users to read arbitrary files, and list arbitrary directories, on CIFS volumes.
|
|||||
| CVE-2007-6043 | 1 Microsoft | 1 Windows 2000 | 2025-04-09 | 7.1 HIGH | N/A |
|
The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
|
|||||
| CVE-2009-0123 | 2 Apple, Microsoft | 3 Mac Os X, Safari, Windows | 2025-04-09 | 7.1 HIGH | N/A |
|
Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
|
|||||
| CVE-2007-6536 | 1 Google | 1 Toolbar | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com.
|
|||||
| CVE-2008-3049 | 1 Typo3 | 1 Pdf Generator 2 Extension | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 allows attackers to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2008-6159 | 1 Hans Oesterholt | 1 Cmme | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Content Management Made Easy (CMME) 1.19 allows remote attackers to obtain system information via a direct request to info.php, which invokes the phpinfo function.
|
|||||
| CVE-2007-5774 | 1 Flatnuke3 | 1 Flatnuke3 | 2025-04-09 | 5.0 MEDIUM | N/A |
|
index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error message.
|
|||||
| CVE-2009-4326 | 1 Ibm | 1 Db2 | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value.
|
|||||
| CVE-2008-3451 | 1 Phpwebgallery | 1 Phpwebgallery | 2025-04-09 | 4.0 MEDIUM | N/A |
|
PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile.
|
|||||
| CVE-2007-6095 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2025-04-09 | 4.0 MEDIUM | N/A |
|
The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might allow remote authenticated users to receive messages intended for other users.
|
|||||
| CVE-2009-0391 | 1 Ibm | 2 Websphere Application Server, Zos | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0.1 on z/OS allows attackers to read arbitrary files via unknown vectors.
|
|||||
| CVE-2007-5011 | 1 Wilson Windowware | 1 Webbatch | 2025-04-09 | 5.0 MEDIUM | N/A |
|
webbatch.exe in WebBatch allows remote attackers to obtain sensitive information via the dumpinputdata parameter.
|
|||||
| CVE-2007-5264 | 1 Battlefront | 1 Dropteam | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Battlefront Dropteam 1.3.3 and earlier sends the client's online account name and password to the game server, which allows malicious game servers to steal account information.
|
|||||
| CVE-2007-2590 | 1 Nokia | 3 Groupwise Mobile Server, Intellisync Mobile Suite, Intellisync Wireless Email Express | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp.
|
|||||
| CVE-2009-4322 | 1 Zen-cart | 1 Zen Cart | 2025-04-09 | 5.0 MEDIUM | N/A |
|
extras/ipn_test_return.php in Zen Cart allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
|
|||||
| CVE-2007-6418 | 1 Debian | 1 Debian Linux | 2025-04-09 | 2.1 LOW | N/A |
|
The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.
|
|||||
| CVE-2008-0593 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.
|
|||||
| CVE-2008-3644 | 1 Apple | 1 Safari | 2025-04-09 | 1.9 LOW | N/A |
|
Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.
|
|||||
| CVE-2009-2797 | 2 Apple, Canonical | 2 Iphone Os, Ubuntu Linux | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.
|
|||||
| CVE-2007-5576 | 2 Bea, Oracle | 5 Tuxedo, Weblogic Integration, Weblogic Server and 2 more | 2025-04-09 | 6.8 MEDIUM | N/A |
|
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
|
|||||
| CVE-2008-0904 | 1 Bea Systems | 2 Aqualogic Interaction, Plumtree Collaboration | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL.
|
|||||
| CVE-2007-5637 | 1 Nortel | 26 Business Communications Manager, Centrex Ip Client Manager, Centrex Ip Element Manager and 23 more | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines allow remote attackers to eavesdrop on the physical environment via an Open Audio Stream message that enables "surveillance mode." NOTE: issues relating to a small ID number space can be leveraged to make this attack easier.
|
|||||
| CVE-2007-2022 | 2 Adobe, Opera | 2 Flash Player, Opera Browser | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.
|
|||||
| CVE-2008-0996 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 1.7 LOW | N/A |
|
The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.
|
|||||
| CVE-2006-5702 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, ( ...
Show More |
|||||
| CVE-2007-5196 | 1 Suse | 1 Suse Linux | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195.
|
|||||
| CVE-2009-2856 | 1 Sun | 2 Solaris, Virtual Desktop Infrastructure | 2025-04-09 | 3.5 LOW | N/A |
|
Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI configuration-data requests by sniffing LDAP sessions on the network.
|
|||||
| CVE-2007-2768 | 2 Netapp, Openbsd | 5 Hci Management Node, Hci Storage Node, Solidfire and 2 more | 2025-04-09 | 4.3 MEDIUM | N/A |
|
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
|
|||||
| CVE-2009-3628 | 1 Typo3 | 1 Typo3 | 2025-04-09 | 4.0 MEDIUM | N/A |
|
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element.
|
|||||
| CVE-2009-2956 | 1 Ibm | 1 Websphere Commerce Suite | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.
|
|||||