Total
8242 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-6524 | 1 Opera | 1 Opera Browser | 2024-02-04 | 7.8 HIGH | N/A |
Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420. | |||||
CVE-2007-1564 | 1 Kde | 1 Konqueror | 2024-02-04 | 6.8 MEDIUM | N/A |
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | |||||
CVE-2007-5011 | 1 Wilson Windowware | 1 Webbatch | 2024-02-04 | 5.0 MEDIUM | N/A |
webbatch.exe in WebBatch allows remote attackers to obtain sensitive information via the dumpinputdata parameter. | |||||
CVE-2008-1135 | 1 Omegasoft | 1 Interneserviceslosungen | 2024-02-04 | 5.0 MEDIUM | N/A |
OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 generates different responses depending on whether or not a username is valid in a failed login attempt, which allows remote attackers to enumerate valid usernames. | |||||
CVE-2007-5413 | 1 Hp | 2 Openview Client Configuraton Manager, Openview Configuration Management | 2024-02-04 | 7.8 HIGH | N/A |
httpd.tkd in Radia Integration Server in Hewlett-Packard (HP) OpenView Configuration Management (CM) Infrastructure 4.0 through 4.2i and Client Configuration Manager (CCM) 2.0 allows remote attackers to read arbitrary files via URLs containing tilde (~) references to home directories, as demonstrated by ~root. | |||||
CVE-2007-5335 | 1 Mozilla | 1 Firefox | 2024-02-04 | 4.3 MEDIUM | N/A |
Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain sensitive system information by using the addMicrosummaryGenerator sidebar method to access file: URIs. | |||||
CVE-2007-5129 | 1 Boesch-it | 1 Simpgb | 2024-02-04 | 5.0 MEDIUM | N/A |
SimpGB 1.46.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain sensitive configuration information via a direct request for admin/cfginfo.php; and (2) download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc. | |||||
CVE-2007-1563 | 1 Opera | 1 Opera Browser | 2024-02-04 | 6.8 MEDIUM | N/A |
The FTP protocol implementation in Opera 9.10 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | |||||
CVE-2007-5379 | 1 David Hansson | 1 Ruby On Rails | 2024-02-04 | 5.0 MEDIUM | N/A |
Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file. | |||||
CVE-2007-2748 | 1 Php | 1 Php | 2024-02-04 | 4.3 MEDIUM | N/A |
The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375. | |||||
CVE-2006-6735 | 1 Obie Website | 1 Mini Web Shop | 2024-02-04 | 5.0 MEDIUM | N/A |
modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to obtain sensitive information via a request with an arbitrary catname parameter but no itemsdb parameter, which reveals the path in an error message. NOTE: CVE analysis suggests that this error might be resultant from a more serious issue such as directory traversal. | |||||
CVE-2007-6249 | 1 Gentoo | 2 Linux, Portage | 2024-02-04 | 2.1 LOW | N/A |
etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file. | |||||
CVE-2007-5034 | 1 Elinks | 1 Elinks | 2024-02-04 | 4.3 MEDIUM | N/A |
ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https. | |||||
CVE-2007-0011 | 1 Citrix | 1 Access Gateway | 2024-02-04 | 5.0 MEDIUM | N/A |
The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including a referer log, browser history, or browser cache. | |||||
CVE-2006-6457 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2024-02-04 | 5.0 MEDIUM | N/A |
tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message. | |||||
CVE-2006-6999 | 1 Headstart Solutions | 1 Deskpro | 2024-02-04 | 4.3 MEDIUM | N/A |
attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter. | |||||
CVE-2007-6514 | 2 Apache, Linux | 2 Http Server, Linux Kernel | 2024-02-04 | 4.3 MEDIUM | N/A |
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive. | |||||
CVE-2007-2768 | 2 Netapp, Openbsd | 5 Hci Management Node, Hci Storage Node, Solidfire and 2 more | 2024-02-04 | 4.3 MEDIUM | N/A |
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243. | |||||
CVE-2008-0041 | 1 Apple | 1 Mac Os X | 2024-02-04 | 5.0 MEDIUM | N/A |
Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls. | |||||
CVE-2008-0589 | 1 Ibm | 1 Aix | 2024-02-04 | 4.9 MEDIUM | N/A |
The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows local users to obtain sensitive information via unspecified vectors. |