Search
Total
2412 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6193 | 1 Citrix | 1 Netscaler | 2018-10-15 | 5.0 MEDIUM | N/A |
| The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface. | |||||
| CVE-2007-6161 | 1 Tilde | 1 Tilde Cms | 2018-10-15 | 5.0 MEDIUM | N/A |
| index.php in Tilde CMS 4.x and earlier allows remote attackers to obtain sensitive information via a certain search parameter value in a search action, which reveals the path. | |||||
| CVE-2007-5958 | 1 X.org | 1 Xserver | 2018-10-15 | 5.0 MEDIUM | N/A |
| X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists. | |||||
| CVE-2007-5922 | 2 Bitchx, Cypress | 2 Bitchx, Cypress | 2018-10-15 | 5.0 MEDIUM | N/A |
| The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed address. | |||||
| CVE-2007-5899 | 1 Php | 1 Php | 2018-10-15 | 4.3 MEDIUM | N/A |
| The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID. | |||||
| CVE-2007-5778 | 1 Mobile-spy | 1 Mobile-spy | 2018-10-15 | 6.4 MEDIUM | N/A |
| Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network. | |||||
| CVE-2007-5638 | 1 Nortel | 26 Business Communications Manager, Centrex Ip Client Manager, Centrex Ip Element Manager and 23 more | 2018-10-15 | 4.3 MEDIUM | N/A |
| The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines, use only 65536 different values in the 32-bit ID number field of an RUDP datagram, which makes it easier for remote attackers to guess the RUDP ID and spoof messages. NOTE: this can be leveraged for an eavesdropping attack by sending many Open Audio Stream messages. | |||||
| CVE-2007-5637 | 1 Nortel | 26 Business Communications Manager, Centrex Ip Client Manager, Centrex Ip Element Manager and 23 more | 2018-10-15 | 4.3 MEDIUM | N/A |
| The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines allow remote attackers to eavesdrop on the physical environment via an Open Audio Stream message that enables "surveillance mode." NOTE: issues relating to a small ID number space can be leveraged to make this attack easier. | |||||
| CVE-2007-5444 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-10-15 | 5.0 MEDIUM | N/A |
| CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full path via a direct request for unspecified files. | |||||
| CVE-2007-5432 | 1 Scottmanktelow | 1 Stride Cms | 2018-10-15 | 7.5 HIGH | N/A |
| Stride 1.0 has a default administrator username of "scott" with the password "running", which allows remote attackers to obtain administrative access through login.php. | |||||
| CVE-2007-5431 | 2 Javaatwork, Scottmanktelow | 2 Myftpuploader Module, Stride | 2018-10-15 | 7.8 HIGH | N/A |
| include/imageupload.js in the MyFTPUploader module in Stride 1.0 contains sensitive information including FTP login credentials, which might allow remote attackers to gain unauthorized access to the FTP server being used by the module by viewing the source code. | |||||
| CVE-2007-5420 | 1 3com | 1 3crwe554g72t | 2018-10-15 | 2.6 LOW | N/A |
| The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers to obtain information about the router's existence and product details. | |||||
| CVE-2007-5413 | 1 Hp | 2 Openview Client Configuraton Manager, Openview Configuration Management | 2018-10-15 | 7.8 HIGH | N/A |
| httpd.tkd in Radia Integration Server in Hewlett-Packard (HP) OpenView Configuration Management (CM) Infrastructure 4.0 through 4.2i and Client Configuration Manager (CCM) 2.0 allows remote attackers to read arbitrary files via URLs containing tilde (~) references to home directories, as demonstrated by ~root. | |||||
| CVE-2007-5337 | 3 Gnome, Linux, Mozilla | 4 Gnome-vfs, Linux Kernel, Firefox and 1 more | 2018-10-15 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server. | |||||
| CVE-2007-5264 | 1 Battlefront | 1 Dropteam | 2018-10-15 | 5.0 MEDIUM | N/A |
| Battlefront Dropteam 1.3.3 and earlier sends the client's online account name and password to the game server, which allows malicious game servers to steal account information. | |||||
| CVE-2007-5129 | 1 Boesch-it | 1 Simpgb | 2018-10-15 | 5.0 MEDIUM | N/A |
| SimpGB 1.46.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain sensitive configuration information via a direct request for admin/cfginfo.php; and (2) download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc. | |||||
| CVE-2007-5034 | 1 Elinks | 1 Elinks | 2018-10-15 | 4.3 MEDIUM | N/A |
| ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https. | |||||
| CVE-2007-4861 | 1 Quirm | 1 Saxon | 2018-10-15 | 5.0 MEDIUM | N/A |
| SAXON 5.4, with display_errors enabled, allows remote attackers to obtain sensitive information via (1) a direct request for news.php, (2) an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in (3) admin/, (4) rss/, and (5) the root directory of the installation, which reveal the path in various error messages. | |||||
| CVE-2007-3656 | 1 Mozilla | 1 Firefox | 2018-10-15 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs. | |||||
| CVE-2015-6096 | 1 Microsoft | 1 .net Framework | 2018-10-12 | 4.3 MEDIUM | N/A |
| The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability." | |||||
| CVE-2015-6088 | 1 Microsoft | 2 Edge, Internet Explorer | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Browser ASLR Bypass." | |||||
| CVE-2015-6115 | 1 Microsoft | 1 .net Framework | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka ".NET ASLR Bypass." | |||||
| CVE-2015-6157 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2015-2556 | 1 Microsoft | 1 Sharepoint Server | 2018-10-12 | 4.3 MEDIUM | N/A |
| The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "Microsoft SharePoint Information Disclosure Vulnerability." | |||||
| CVE-2015-6165 | 1 Microsoft | 1 Silverlight | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a different vulnerability than CVE-2015-6114. | |||||
| CVE-2015-6052 | 1 Microsoft | 3 Internet Explorer, Jscript, Vbscript | 2018-10-12 | 4.3 MEDIUM | N/A |
| The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass." | |||||
| CVE-2015-6114 | 1 Microsoft | 1 Silverlight | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a different vulnerability than CVE-2015-6165. | |||||
| CVE-2015-6161 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Browser ASLR Bypass." | |||||
| CVE-2015-6057 | 1 Microsoft | 1 Edge | 2018-10-12 | 5.0 MEDIUM | N/A |
| Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." | |||||
| CVE-2015-6086 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2015-6059 | 1 Microsoft | 3 Internet Explorer, Jscript, Vbscript | 2018-10-12 | 4.3 MEDIUM | N/A |
| The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." | |||||
| CVE-2015-6053 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via crafted parameters in an ArrayBuffer.slice call, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2015-6046 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2015-6135 | 1 Microsoft | 3 Internet Explorer, Jscript, Vbscript | 2018-10-12 | 5.0 MEDIUM | N/A |
| The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." | |||||
| CVE-2015-2414 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 8 through 11 allows remote attackers to obtain sensitive browsing-history information via vectors related to image caching, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2015-2421 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass." | |||||
| CVE-2015-2375 | 1 Microsoft | 3 Excel, Excel Viewer, Sharepoint Server | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to bypass the ASLR protection mechanism via a crafted spreadsheet, aka "Microsoft Excel ASLR Bypass Vulnerability." | |||||
| CVE-2015-1765 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 9 through 11 allows remote attackers to read the browser history via a crafted web site. | |||||
| CVE-2015-2413 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 11 allows remote attackers to determine the existence of local files via a crafted module-resource request, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2015-2449 | 1 Microsoft | 2 Edge, Internet Explorer | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "ASLR Bypass." | |||||
| CVE-2015-2483 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Information Disclosure Vulnerability." | |||||
| CVE-2015-2440 | 1 Microsoft | 1 Xml Core Services | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "MSXML Information Disclosure Vulnerability." | |||||
| CVE-2015-2505 | 1 Microsoft | 1 Exchange Server | 2018-10-12 | 5.0 MEDIUM | N/A |
| Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace information via a crafted request, aka "Exchange Information Disclosure Vulnerability." | |||||
| CVE-2015-2410 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 11 allows remote attackers to determine the existence of local files via a crafted stylesheet, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2015-2445 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 10 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "ASLR Bypass." | |||||
| CVE-2015-2412 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 10 and 11 allows remote attackers to read arbitrary local files via a crafted pathname, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2015-2434 | 1 Microsoft | 1 Xml Core Services | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2471. | |||||
| CVE-2015-1670 | 1 Microsoft | 1 .net Framework | 2018-10-12 | 4.3 MEDIUM | N/A |
| The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka "OpenType Font Parsing Vulnerability." | |||||
| CVE-2015-0070 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability." | |||||
| CVE-2015-1686 | 1 Microsoft | 2 Internet Explorer, Vbscript | 2018-10-12 | 4.3 MEDIUM | N/A |
| The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass." | |||||