Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5461 | 1 Oracle | 1 Bea Product Suite | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is cross-site scripting.
|
|||||
| CVE-2007-5333 | 1 Apache | 1 Tomcat | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
|
|||||
| CVE-2007-5654 | 1 Litespeed Technologies | 1 Litespeed Web Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection."
|
|||||
| CVE-2009-1680 | 1 Apple | 2 Iphone Os, Ipod Touch | 2025-04-09 | 2.1 LOW | N/A |
|
Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history.
|
|||||
| CVE-2009-4530 | 1 Sergey Lyubka | 1 Mongoose | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI.
|
|||||
| CVE-2009-0474 | 1 Rockwellautomation | 1 Controllogix 1756-enbt\/a Ethernet\/ Ip Bridge | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to obtain "internal web page information" and "internal information about the module" via unspecified vectors. NOTE: this may overlap CVE-2002-1603.
|
|||||
| CVE-2009-0842 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2025-04-09 | 4.3 MEDIUM | N/A |
|
mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink.
|
|||||
| CVE-2008-2120 | 1 Sun | 2 Java System Application Server, Java System Web Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors.
|
|||||
| CVE-2007-5129 | 1 Boesch-it | 1 Simpgb | 2025-04-09 | 5.0 MEDIUM | N/A |
|
SimpGB 1.46.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain sensitive configuration information via a direct request for admin/cfginfo.php; and (2) download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc.
|
|||||
| CVE-2009-3881 | 1 Sun | 2 Jre, Openjdk | 2025-04-09 | 7.5 HIGH | N/A |
|
Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650.
|
|||||
| CVE-2008-4491 | 1 Apple | 2 Mac Os X, Mail | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail.
|
|||||
| CVE-2009-3097 | 2 Hp, Microsoft | 2 Performance Insight, Windows | 2025-04-09 | 7.8 HIGH | N/A |
|
Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on Windows allow attackers to obtain sensitive information via unknown vectors, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
|
|||||
| CVE-2009-2042 | 1 Libpng | 1 Libpng | 2025-04-09 | 4.3 MEDIUM | N/A |
|
libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.
|
|||||
| CVE-2008-1005 | 1 Apple | 1 Safari | 2025-04-09 | 2.1 LOW | N/A |
|
WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.
|
|||||
| CVE-2009-0348 | 1 Sun | 1 Java System Access Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
|
|||||
| CVE-2009-4175 | 2 Cutephp, Korn19 | 2 Cutenews, Utf-8 Cutenews | 2025-04-09 | 5.0 MEDIUM | N/A |
|
CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to obtain sensitive information via an invalid date value in the from_date_day parameter to search.php, which reveals the installation path in an error message.
|
|||||
| CVE-2005-4881 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
|
The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the (1) tc_fill_qdisc, (2) tcf_fill_node, (3) neightbl_fill_info, (4) neightbl_fill_param_info, (5) neigh_fill_info, (6) rtnetlink_fill_ifinfo, (7) rtnetlink_fill_iwinfo, (8) vif_delete, (9) ipmr_destroy_unres, (10) ipmr_cache_alloc_ ...
Show More |
|||||
| CVE-2008-5683 | 1 Opera | 1 Opera Browser | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors.
|
|||||
| CVE-2007-2402 | 1 Apple | 1 Quicktime | 2025-04-09 | 4.3 MEDIUM | N/A |
|
QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets.
|
|||||
| CVE-2009-3086 | 1 Rubyonrails | 1 Rails | 2025-04-09 | 5.0 MEDIUM | N/A |
|
A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts.
|
|||||
| CVE-2008-5507 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.
|
|||||
| CVE-2008-1288 | 1 Ibm | 1 Rational Clearquest | 2025-04-09 | 5.0 MEDIUM | N/A |
|
IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies.
|
|||||
| CVE-2008-2027 | 1 Rsa | 1 Authentication Agent | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258 for Web for IIS, when accessed via certain browsers such as Mozilla Firefox, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an ftp URL in the url parameter to a Redirect action.
|
|||||
| CVE-2008-1181 | 1 Juniper | 1 Secure Access 2000 | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote attackers to obtain sensitive information via a direct request for remediate.cgi without certain parameters, which reveals the path in an "Execute failed" error message.
|
|||||
| CVE-2009-0229 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more | 2025-04-09 | 4.9 MEDIUM | N/A |
|
The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
|
|||||
| CVE-2008-1717 | 1 Woltlab | 1 Burning Board | 2025-04-09 | 5.0 MEDIUM | N/A |
|
WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found.
|
|||||
| CVE-2008-5460 | 1 Oracle | 1 Bea Product Suite | 2025-04-09 | 2.6 LOW | N/A |
|
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote attackers to affect confidentiality via unknown vectors.
|
|||||
| CVE-2009-2274 | 1 Huawei | 1 D100 | 2025-04-09 | 7.8 HIGH | N/A |
|
The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to (1) lan_status_adv.asp, (2) wlan_basic_cfg.asp, or (3) lancfg.asp in en/, related to use of JavaScript to protect against reading file contents.
|
|||||
| CVE-2007-6476 | 1 Gf 3xplorer | 1 Gf 3xplorer | 2025-04-09 | 5.0 MEDIUM | N/A |
|
GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function.
|
|||||
| CVE-2008-5012 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.
|
|||||
| CVE-2008-5519 | 1 Apache | 2 Mod Jk, Tomcat | 2025-04-09 | 2.6 LOW | N/A |
|
The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
|
|||||
| CVE-2009-2332 | 1 Cms.tut.su | 1 Cms Chainuk | 2025-04-09 | 5.0 MEDIUM | N/A |
|
CMS Chainuk 1.2 and earlier allows remote attackers to obtain sensitive information via (1) a crafted id parameter to index.php or (2) a nonexistent folder name in the id parameter to admin/admin_delete.php, which reveals the installation path in an error message.
|
|||||
| CVE-2008-2159 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 2.1 LOW | N/A |
|
Microsoft Internet Explorer 7 can save encrypted pages in the cache even when the DisableCachingOfSSLPages registry setting is enabled, which might allow local users to obtain sensitive information.
|
|||||
| CVE-2007-0058 | 1 Cisco | 1 Network Admission Control Manager And Server System Software | 2025-04-09 | 7.8 HIGH | N/A |
|
Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file.
|
|||||
| CVE-2009-0678 | 1 Ravenphpscripts | 1 Ravennuke | 2025-04-09 | 5.0 MEDIUM | N/A |
|
images/captcha.php in RavenNuke 2.30 allows remote attackers to obtain sensitive information via an aFonts array parameter value that does not correspond to a valid font file, which reveals the installation path in an error message.
|
|||||
| CVE-2008-5107 | 1 Citrix | 2 Desktop Server, Presentation Server | 2025-04-09 | 1.9 LOW | N/A |
|
The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files.
|
|||||
| CVE-2009-3002 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
|
The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, re ...
Show More |
|||||
| CVE-2007-5431 | 2 Javaatwork, Scottmanktelow | 2 Myftpuploader Module, Stride | 2025-04-09 | 7.8 HIGH | N/A |
|
include/imageupload.js in the MyFTPUploader module in Stride 1.0 contains sensitive information including FTP login credentials, which might allow remote attackers to gain unauthorized access to the FTP server being used by the module by viewing the source code.
|
|||||
| CVE-2008-3259 | 1 Openbsd | 1 Openssh | 2025-04-09 | 1.2 LOW | N/A |
|
OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.
|
|||||
| CVE-2008-3141 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors.
|
|||||