Total
8242 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1814 | 1 Apache | 1 Rave | 2024-02-04 | 4.0 MEDIUM | N/A |
| The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response. | |||||
| CVE-2013-0982 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 1.7 LOW | N/A |
| The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation. | |||||
| CVE-2011-3265 | 1 Zabbix | 1 Zabbix | 2024-02-04 | 5.0 MEDIUM | N/A |
| popup.php in Zabbix before 1.8.7 allows remote attackers to read the contents of arbitrary database tables via a modified srctbl parameter. | |||||
| CVE-2011-1978 | 1 Microsoft | 7 .net Framework, Windows 2003 Server, Windows 7 and 4 more | 2024-02-04 | 4.3 MEDIUM | N/A |
| Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability." | |||||
| CVE-2011-3126 | 1 Wordpress | 1 Wordpress | 2024-02-04 | 5.0 MEDIUM | N/A |
| WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attackers to determine usernames of non-authors via canonical redirects. | |||||
| CVE-2011-0775 | 1 Pivotx | 1 Pivotx | 2024-02-04 | 5.0 MEDIUM | N/A |
| pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent file in the image parameter, which reveals the installation path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2011-1666 | 1 Metaways | 1 Tine | 2024-02-04 | 5.0 MEDIUM | N/A |
| Metaways Tine 2.0 allows remote attackers to obtain sensitive information via unknown vectors in (1) Crm/Controller.php, (2) Crm/Export/Csv.php, or (3) Calendar/Model/Attender.php, which reveal the full installation path. | |||||
| CVE-2010-0656 | 2 Apple, Google | 2 Webkit, Chrome | 2024-02-04 | 4.3 MEDIUM | N/A |
| WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document. | |||||
| CVE-2011-1498 | 1 Apache | 1 Httpclient | 2024-02-04 | 4.3 MEDIUM | N/A |
| Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header. | |||||
| CVE-2010-1393 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2024-02-04 | 4.3 MEDIUM | N/A |
| The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL. | |||||
| CVE-2011-3703 | 1 Anecms | 1 Anecms | 2024-02-04 | 5.0 MEDIUM | N/A |
| AneCMS 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/menu/index.php and certain other files. | |||||
| CVE-2011-3799 | 1 Elazos | 1 Reos | 2024-02-04 | 5.0 MEDIUM | N/A |
| ReOS 2.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by padmin/blocks/vergal.php and certain other files. | |||||
| CVE-2010-3860 | 1 Redhat | 1 Icedtea | 2024-02-04 | 5.0 MEDIUM | N/A |
| IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories. | |||||
| CVE-2010-3348 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2024-02-04 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342. | |||||
| CVE-2009-4357 | 1 Ibm | 2 Rational Clearcase, Rational Clearquest | 2024-02-04 | 5.0 MEDIUM | N/A |
| CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors. | |||||
| CVE-2010-2336 | 1 Yamamah | 1 Yamamah | 2024-02-04 | 5.0 MEDIUM | N/A |
| index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter. | |||||
| CVE-2011-0679 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 5.0 MEDIUM | N/A |
| IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via a "modified message." | |||||
| CVE-2009-5112 | 1 Iwork | 1 Webglimpse | 2024-02-04 | 5.0 MEDIUM | N/A |
| wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to obtain the installation path via a crafted request. | |||||
| CVE-2012-0647 | 1 Apple | 1 Safari | 2024-02-04 | 5.0 MEDIUM | N/A |
| WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. | |||||
| CVE-2011-0178 | 1 Apple | 3 Carboncore, Mac Os X, Mac Os X Server | 2024-02-04 | 2.1 LOW | N/A |
| The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory. | |||||