Total
8242 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2226 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2024-02-04 | 2.1 LOW | N/A |
| The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file. | |||||
| CVE-2011-3763 | 1 Opencart | 1 Opencart | 2024-02-04 | 5.0 MEDIUM | N/A |
| OpenCart 1.4.9.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/startup.php and certain other files. | |||||
| CVE-2010-2639 | 1 Ibm | 1 Websphere Commerce | 2024-02-04 | 5.0 MEDIUM | N/A |
| IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and "concurrency issues." | |||||
| CVE-2010-1862 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | N/A |
| The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | |||||
| CVE-2011-3502 | 1 Cogentdatahub | 1 Cogent Datahub | 2024-02-04 | 5.0 MEDIUM | N/A |
| The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot). | |||||
| CVE-2011-3802 | 1 Status | 1 Statusnet | 2024-02-04 | 5.0 MEDIUM | N/A |
| StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php and certain other files. | |||||
| CVE-2010-3982 | 1 Sap | 1 Businessobjects | 2024-02-04 | 5.0 MEDIUM | N/A |
| SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue. | |||||
| CVE-2011-3790 | 1 Piwigo | 1 Piwigo | 2024-02-04 | 5.0 MEDIUM | N/A |
| Piwigo 2.1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/metadata.php and certain other files. | |||||
| CVE-2010-1852 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site data leakage" issue. | |||||
| CVE-2011-3776 | 1 Musawir Ali | 1 Phpformgenerator | 2024-02-04 | 5.0 MEDIUM | N/A |
| phpFormGenerator 2.09 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by forms/process.php. | |||||
| CVE-2010-2333 | 1 Litespeedtech | 1 Litespeed Web Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension. | |||||
| CVE-2011-4728 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by login_up.php3 and certain other files. | |||||
| CVE-2007-6744 | 1 Flexerasoftware | 1 Installshield | 2024-02-04 | 2.1 LOW | N/A |
| Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an incorrect interaction between InstallShield and Signcode.exe. | |||||
| CVE-2010-1149 | 1 Freedesktop | 1 Udisks | 2024-02-04 | 2.1 LOW | N/A |
| probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a certain file under /dev/.udev/db/. | |||||
| CVE-2011-3770 | 1 Phpalbum | 1 Phpalbum | 2024-02-04 | 5.0 MEDIUM | N/A |
| phpAlbum 0.4.1.14 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Flowing_Dark/parameters.tpl.php and certain other files. | |||||
| CVE-2011-3791 | 1 Matomo | 1 Matomo | 2024-02-04 | 5.0 MEDIUM | N/A |
| Piwik 1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Widgetize/Widgetize.php and certain other files. | |||||
| CVE-2011-3700 | 1 Anelectron | 1 Advanced Electron Forum | 2024-02-04 | 5.0 MEDIUM | N/A |
| Advanced Electron Forum (AEF) 1.0.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by languages/english/deletetopic_lang.php. | |||||
| CVE-2009-4609 | 1 Mortbay | 1 Jetty | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attackers to obtain sensitive information about internal variables and other data via a request to a URI ending in /dump/, as demonstrated by discovering the value of the getPathTranslated variable. | |||||
| CVE-2011-4848 | 2 Microsoft, Parallels | 3 Windows 2003 Server, Windows Server 2008, Parallels Plesk Panel | 2024-02-04 | 4.3 MEDIUM | N/A |
| The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in certain files under client@1/domain@1/backup/local-repository/. | |||||
| CVE-2010-4625 | 1 Mybb | 1 Mybb | 2024-02-04 | 5.0 MEDIUM | N/A |
| MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page. | |||||