Total
8242 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-4466 | 1 Deluxebb | 1 Deluxebb | 2024-02-04 | 5.0 MEDIUM | N/A |
DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message. NOTE: this issue might be resultant from improperly controlled computation in tools.php that leads to a denial of service (CPU or memory consumption). | |||||
CVE-2010-4354 | 1 Cisco | 9 Asa 5500, Pix 500, Vpn 3000 Concentrator and 6 more | 2024-02-04 | 5.0 MEDIUM | N/A |
The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only when the group name is configured on the device, which allows remote attackers to enumerate valid group names via a series of IKE negotiation attempts, aka Bug ID CSCtj96108, a different vulnerability than CVE-2005-2025. | |||||
CVE-2011-1020 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.6 MEDIUM | N/A |
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls. | |||||
CVE-2010-2791 | 2 Apache, Unix | 2 Http Server, Unix | 2024-02-04 | 5.0 MEDIUM | N/A |
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions. | |||||
CVE-2011-0231 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 5.0 MEDIUM | N/A |
CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue." | |||||
CVE-2010-4565 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename. | |||||
CVE-2012-1464 | 1 Netmechanica | 1 Netdecision | 2024-02-04 | 5.0 MEDIUM | N/A |
Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the installation path via a request with a trailing "?" character, which causes Dashboard to attempt to access a non-existent resource. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-3806 | 1 Tecnick | 1 Tcexam | 2024-02-04 | 5.0 MEDIUM | N/A |
TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php and certain other files. | |||||
CVE-2011-3736 | 1 Exoscripts | 1 Exophpdesk | 2024-02-04 | 5.0 MEDIUM | N/A |
ExoPHPDesk 1.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by upgrades/upgrade9.php and certain other files. | |||||
CVE-2010-1914 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | N/A |
The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the convert_to_long_base function. | |||||
CVE-2011-0774 | 1 Pivotx | 1 Pivotx | 2024-02-04 | 5.0 MEDIUM | N/A |
PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message. | |||||
CVE-2010-0042 | 2 Apple, Microsoft | 2 Safari, Windows | 2024-02-04 | 4.3 MEDIUM | N/A |
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image. | |||||
CVE-2011-3441 | 1 Apple | 1 Iphone Os | 2024-02-04 | 4.3 MEDIUM | N/A |
libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname. | |||||
CVE-2011-3772 | 1 Php-collab | 1 Phpcollab | 2024-02-04 | 5.0 MEDIUM | N/A |
phpCollab 2.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by topics/noti_newtopic.php and certain other files. | |||||
CVE-2010-2913 | 2 Apple, Citibank | 2 Iphone Os, Citi Mobile | 2024-02-04 | 2.1 LOW | N/A |
The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer. | |||||
CVE-2010-2982 | 1 Cisco | 1 Unified Wireless Network Solution Software | 2024-02-04 | 7.1 HIGH | N/A |
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to discover a group password via a series of SNMP requests, as demonstrated by an SNMP walk, aka Bug ID CSCtb74037. | |||||
CVE-2011-3764 | 1 Opendocman | 1 Opendocman | 2024-02-04 | 5.0 MEDIUM | N/A |
OpenDocMan 1.2.6-svn-2011-01-21 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by User_Perms_class.php and certain other files. | |||||
CVE-2011-4751 | 1 Smartertools | 1 Smarterstats | 2024-02-04 | 5.0 MEDIUM | N/A |
SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. | |||||
CVE-2011-3809 | 1 Thehostingtool | 1 Thehostingtool | 2024-02-04 | 5.0 MEDIUM | N/A |
TheHostingTool (THT) 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/pear/Mail/smtp.php and certain other files. | |||||
CVE-2011-2059 | 1 Cisco | 1 Ios | 2024-02-04 | 5.0 MEDIUM | N/A |
The ipv6 component in Cisco IOS before 15.1(4)M1.3 allows remote attackers to conduct fingerprinting attacks and obtain potentially sensitive information about the presence of the IOS operating system via an ICMPv6 Echo Request packet containing a Hop-by-Hop (HBH) extension header (EH) with a 0x0c01050c value in the PadN option data, aka Bug ID CSCtq02219. |