Total: 8242 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-4115 | 1 Talkback | 1 Talkback | 2024-02-04 | 5.0 MEDIUM | N/A |
TalkBack 2.3.6 allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function. | |||||
CVE-2009-3544 | 1 Xerver | 1 Xerver | 2024-02-04 | 5.0 MEDIUM | N/A |
Xerver HTTP Server 4.32 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name. | |||||
CVE-2008-0052 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 6.8 MEDIUM | N/A |
CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set. | |||||
CVE-2009-3600 | 1 Freewebscriptz | 1 Hubscript | 2024-02-04 | 5.0 MEDIUM | N/A |
HUBScript 1.0 allows remote attackers to obtain configuration information via a direct request to manage/phpinfo.php, which calls the phpinfo function. | |||||
CVE-2008-3458 | 1 Vtiger | 1 Vtiger Crm | 2024-02-04 | 5.0 MEDIUM | N/A |
Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory. | |||||
CVE-2008-2681 | 1 Realm Project | 1 Realm Cms | 2024-02-04 | 5.0 MEDIUM | N/A |
Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive information via a direct request to _db/compact.asp, which reveals the database path in an error message. | |||||
CVE-2009-1769 | 1 Ocsinventory-ng | 1 Ocs Inventory Ng | 2024-02-04 | 5.0 MEDIUM | N/A |
The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames. | |||||
CVE-2008-0050 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 5.0 MEDIUM | N/A |
CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. | |||||
CVE-2008-6420 | 1 Socialsitegenerator | 1 Social Site Generator | 2024-02-04 | 5.0 MEDIUM | N/A |
Social Site Generator (SSG) 2.0 allows remote attackers to read arbitrary files via the file parameter to (1) filedload.php, (2) webadmin/download.php, and (3) webadmin/download_file.php. | |||||
CVE-2008-1291 | 3 Gentoo, Redhat, Viewvc | 3 Linux, Fedora, Viewvc | 2024-02-04 | 4.3 MEDIUM | N/A |
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder. | |||||
CVE-2008-6537 | 1 Lightneasy | 1 Lightneasy | 2024-02-04 | 5.0 MEDIUM | N/A |
LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST. | |||||
CVE-2008-4688 | 1 Mantis | 1 Mantis | 2024-02-04 | 5.0 MEDIUM | N/A |
core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number. | |||||
CVE-2008-4721 | 1 Php Jabbers | 1 Post Comment | 2024-02-04 | 7.5 HIGH | N/A |
PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged." | |||||
CVE-2008-1014 | 1 Apple | 1 Quicktime | 2024-02-04 | 4.3 MEDIUM | N/A |
Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information. | |||||
CVE-2008-5076 | 1 Htop | 1 Htop | 2024-02-04 | 4.6 MEDIUM | N/A |
htop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with "crazy control strings." | |||||
CVE-2009-3883 | 1 Sun | 3 Jdk, Jre, Openjdk | 2024-02-04 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657138. | |||||
CVE-2009-0358 | 1 Mozilla | 1 Firefox | 2024-02-04 | 3.3 LOW | N/A |
Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request. | |||||
CVE-2009-0783 | 1 Apache | 1 Tomcat | 2024-02-04 | 4.6 MEDIUM | 4.2 MEDIUM |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. | |||||
CVE-2008-1005 | 1 Apple | 1 Safari | 2024-02-04 | 2.1 LOW | N/A |
WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password. | |||||
CVE-2008-6561 | 2 Citrix, Microsoft | 2 Presentation Server Client, Windows | 2024-02-04 | 1.9 LOW | N/A |
Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges. | |||||