Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4298 | 1 Moodle | 1 Moodle | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors.
|
|||||
| CVE-2008-4125 | 1 Phpbb | 1 Phpbb | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote attackers to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than CVE-2006-0632.
|
|||||
| CVE-2007-6405 | 1 Shttpd | 1 Shttpd | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407.
|
|||||
| CVE-2008-3168 | 1 Empire Server | 1 Empire Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The files utility in Empire Server before 4.3.15 discloses the world creation time, which makes it easier for attackers to determine the PRNG seed.
|
|||||
| CVE-2008-4069 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file.
|
|||||
| CVE-2007-1564 | 1 Kde | 1 Konqueror | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
|
|||||
| CVE-2008-3474 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2025-04-09 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information Disclosure Vulnerability."
|
|||||
| CVE-2007-6606 | 1 Openbiblio | 1 Openbiblio | 2025-04-09 | 5.0 MEDIUM | N/A |
|
OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
|
|||||
| CVE-2009-3554 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-09 | 2.1 LOW | N/A |
|
Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file.
|
|||||
| CVE-2009-0580 | 1 Apache | 1 Tomcat | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
|
|||||
| CVE-2007-6514 | 2 Apache, Linux | 2 Http Server, Linux Kernel | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
|
|||||
| CVE-2009-3946 | 1 Joomla | 1 Joomla\! | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request.
|
|||||
| CVE-2008-1270 | 1 Lighttpd | 1 Lighttpd | 2025-04-09 | 5.0 MEDIUM | N/A |
|
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.
|
|||||
| CVE-2007-6524 | 1 Opera | 1 Opera Browser | 2025-04-09 | 7.8 HIGH | N/A |
|
Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420.
|
|||||
| CVE-2008-5420 | 1 Emc | 1 Control Center | 2025-04-09 | 7.8 HIGH | N/A |
|
The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files.
|
|||||
| CVE-2008-3900 | 1 Intel | 1 Bios | 2025-04-09 | 2.1 LOW | N/A |
|
Intel firmware PE94510M.86A.0050.2007.0710.1559 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
|
|||||
| CVE-2007-5420 | 1 3com | 1 3crwe554g72t | 2025-04-09 | 2.6 LOW | N/A |
|
The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers to obtain information about the router's existence and product details.
|
|||||
| CVE-2008-1113 | 2 Cisco, Vocera Communications | 2 7921 Wireless Ip Phone, Vocera Communications Badge | 2025-04-09 | 7.8 HIGH | N/A |
|
Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.
|
|||||
| CVE-2008-2004 | 1 Qemu | 1 Qemu | 2025-04-09 | 4.9 MEDIUM | N/A |
|
The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted.
|
|||||
| CVE-2006-6457 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-09 | 5.0 MEDIUM | N/A |
|
tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message.
|
|||||
| CVE-2009-1292 | 2 Ibm, Unix | 3 Aix, Rational Clearcase, Unix | 2025-04-09 | 2.1 LOW | N/A |
|
UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, and 7.1.x before 7.1.0.1 on Linux and AIX places a username and password on the command line, which allows local users to obtain credentials by listing the process.
|
|||||
| CVE-2009-4170 | 2 Roytanck, Wordpress | 2 Wp-cumulus, Wordpress | 2025-04-09 | 5.0 MEDIUM | N/A |
|
WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, allows remote attackers to obtain sensitive information via a crafted request to wp-cumulus.php, probably without parameters, which reveals the installation path in an error message.
|
|||||
| CVE-2009-1140 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2025-04-09 | 7.1 HIGH | N/A |
|
Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability."
|
|||||
| CVE-2009-1706 | 1 Apple | 1 Safari | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie.
|
|||||
| CVE-2008-3010 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Media Player and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
|
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability."
|
|||||
| CVE-2008-3139 | 2 Rpath, Wireshark | 2 Rpath Linux, Wireshark | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error.
|
|||||
| CVE-2009-1718 | 1 Apple | 1 Safari | 2025-04-09 | 7.1 HIGH | N/A |
|
WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page.
|
|||||
| CVE-2009-1076 | 1 Sun | 1 Java System Identity Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
|
|||||
| CVE-2009-2711 | 2 Sun, X.org | 3 Opensolaris, Solaris, X11 | 2025-04-09 | 4.9 MEDIUM | N/A |
|
XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276.
|
|||||
| CVE-2009-3600 | 1 Freewebscriptz | 1 Hubscript | 2025-04-09 | 5.0 MEDIUM | N/A |
|
HUBScript 1.0 allows remote attackers to obtain configuration information via a direct request to manage/phpinfo.php, which calls the phpinfo function.
|
|||||
| CVE-2008-7187 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message.
|
|||||
| CVE-2006-7086 | 1 Mrcgiguy | 1 Hot Links | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter.
|
|||||
| CVE-2008-2329 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 1.9 LOW | N/A |
|
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.
|
|||||
| CVE-2008-4688 | 1 Mantis | 1 Mantis | 2025-04-09 | 5.0 MEDIUM | N/A |
|
core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number.
|
|||||
| CVE-2009-4531 | 1 Jasper | 1 Httpdx | 2025-04-09 | 5.0 MEDIUM | N/A |
|
httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI.
|
|||||
| CVE-2008-1580 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
|
CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879.
|
|||||
| CVE-2007-5172 | 1 Quicksilver Forums | 1 Quicksilver Forums | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message.
|
|||||
| CVE-2009-3756 | 1 Kreotek | 1 Phpbms | 2025-04-09 | 5.0 MEDIUM | N/A |
|
phpBMS 0.96 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) the show action in advancedsearch.php, and (4) choicelist.php, which reveals the installation path in an error message.
|
|||||
| CVE-2007-3008 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398.
|
|||||
| CVE-2007-1562 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
|
|||||