Search
Total
2412 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5350 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors. | |||||
| CVE-2008-5342 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668. | |||||
| CVE-2008-5341 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071. | |||||
| CVE-2008-5322 | 1 Easy-script | 1 Wysi Wiki Wyg | 2017-09-29 | 7.8 HIGH | N/A |
| Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information via an invalid categup parameter to index.php, which calls the phpinfo function. | |||||
| CVE-2008-5012 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-29 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. | |||||
| CVE-2008-4721 | 1 Php Jabbers | 1 Post Comment | 2017-09-29 | 7.5 HIGH | N/A |
| PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged." | |||||
| CVE-2008-4183 | 1 Integramod | 1 Integramod | 2017-09-29 | 5.0 MEDIUM | N/A |
| IntegraMOD 1.4.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup via a direct request to a backup/backup-yyyy-dd-mm.sql filename. | |||||
| CVE-2008-4164 | 1 Memht | 1 Memht Portal | 2017-09-29 | 2.6 LOW | N/A |
| cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | |||||
| CVE-2008-4115 | 1 Talkback | 1 Talkback | 2017-09-29 | 5.0 MEDIUM | N/A |
| TalkBack 2.3.6 allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function. | |||||
| CVE-2008-4069 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-29 | 5.0 MEDIUM | N/A |
| The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file. | |||||
| CVE-2008-3651 | 1 Linux | 1 Ipsec Tools Racoon Daemon | 2017-09-29 | 4.0 MEDIUM | N/A |
| Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals. | |||||
| CVE-2008-2881 | 1 Relative Real Estate Systems | 1 Relative Real Estate Systems | 2017-09-29 | 5.0 MEDIUM | N/A |
| Relative Real Estate Systems 3.0 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. | |||||
| CVE-2008-2782 | 1 Otomigenx | 1 Otomigenx | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) library_rss.php and (2) rss.php. | |||||
| CVE-2008-2681 | 1 Realm Project | 1 Realm Cms | 2017-09-29 | 5.0 MEDIUM | N/A |
| Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive information via a direct request to _db/compact.asp, which reveals the database path in an error message. | |||||
| CVE-2008-0938 | 1 Sun | 1 Solaris | 2017-09-29 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability than CVE-2007-4126. | |||||
| CVE-2008-0297 | 1 Keil Software | 1 Photokorn | 2017-09-29 | 5.0 MEDIUM | N/A |
| PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output. | |||||
| CVE-2007-6702 | 1 Goahead Software | 2 Fs4104-aw Device, Goahead Webserver | 2017-09-29 | 5.0 MEDIUM | N/A |
| goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than CVE-2002-1603. | |||||
| CVE-2008-2028 | 1 Minibb | 1 Minibb | 2017-09-29 | 4.3 MEDIUM | N/A |
| miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to obtain the full path via a direct request to the glang parameter in a registernew action to index.php, which leaks the path in an error message. | |||||
| CVE-2008-2018 | 1 Phpizabi | 1 Phpizabi | 2017-09-29 | 4.0 MEDIUM | N/A |
| The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a "{user.password}" comment in the profile of the admin user. | |||||
| CVE-2008-2004 | 1 Qemu | 1 Qemu | 2017-09-29 | 4.9 MEDIUM | N/A |
| The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted. | |||||
| CVE-2008-1782 | 1 Advanced Software Engineering | 1 Chartdirector | 2017-09-29 | 5.0 MEDIUM | N/A |
| phpdemo/viewsource.php in Advanced Software Engineering ChartDirector 4.1 allows remote attackers to read sensitive files via the file parameter. | |||||
| CVE-2008-0598 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the 32-bit and 64-bit emulation in the Linux kernel 2.6.9, 2.6.18, and probably other versions allows local users to read uninitialized memory via unknown vectors involving a crafted binary. | |||||
| CVE-2008-1680 | 1 Future Nuke | 1 Php-nuke Platinum | 2017-09-29 | 5.0 MEDIUM | N/A |
| PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain configuration information via a direct request to maintenance/index.php, which reveals settings such as magic_quotes_gpc. | |||||
| CVE-2008-1506 | 1 Peel | 1 Peel | 2017-09-29 | 5.0 MEDIUM | N/A |
| PEEL, possibly 3.x and earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2008-1156 | 1 Cisco | 2 Cisco Ios, Ios | 2017-09-29 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message. | |||||
| CVE-2007-6476 | 1 Gf 3xplorer | 1 Gf 3xplorer | 2017-09-29 | 5.0 MEDIUM | N/A |
| GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2007-5774 | 1 Flatnuke3 | 1 Flatnuke3 | 2017-09-29 | 5.0 MEDIUM | N/A |
| index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error message. | |||||
| CVE-2007-5654 | 1 Litespeed Technologies | 1 Litespeed Web Server | 2017-09-29 | 5.0 MEDIUM | N/A |
| LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection." | |||||
| CVE-2007-3850 | 2 Apple, Linux | 2 Powerpc, Linux Kernel | 2017-09-29 | 1.9 LOW | N/A |
| The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on PowerPC, does not properly map userspace resources, which allows local users to read portions of physical address space. | |||||
| CVE-2015-3711 | 1 Apple | 1 Mac Os X | 2017-09-22 | 4.3 MEDIUM | N/A |
| The NTFS implementation in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. | |||||
| CVE-2015-3721 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-09-22 | 4.3 MEDIUM | N/A |
| The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app. | |||||
| CVE-2015-3677 | 1 Apple | 1 Mac Os X | 2017-09-22 | 4.3 MEDIUM | N/A |
| The LZVN compression feature in AppleFSCompression in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. | |||||
| CVE-2015-3690 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-09-22 | 4.3 MEDIUM | N/A |
| The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. | |||||
| CVE-2015-3676 | 1 Apple | 1 Mac Os X | 2017-09-22 | 4.3 MEDIUM | N/A |
| AppleGraphicsControl in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information via a crafted app. | |||||
| CVE-2015-1883 | 1 Ibm | 1 Db2 | 2017-09-22 | 4.0 MEDIUM | N/A |
| IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure. | |||||
| CVE-2015-1887 | 1 Ibm | 1 Websphere Portal | 2017-09-22 | 5.0 MEDIUM | N/A |
| IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted request. | |||||
| CVE-2015-3097 | 2 Adobe, Microsoft | 5 Air, Air Sdk, Air Sdk \& Compiler and 2 more | 2017-09-22 | 5.0 MEDIUM | N/A |
| Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK & Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it easier for attackers to conduct unspecified attacks by predicting this address. | |||||
| CVE-2015-3762 | 1 Apple | 1 Mac Os X | 2017-09-21 | 5.0 MEDIUM | N/A |
| The Text Formats component in Apple OS X before 10.10.5, as used in TextEdit, allows remote attackers to read arbitrary files via a text file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2015-3284 | 1 Openafs | 1 Openafs | 2017-09-21 | 2.1 LOW | N/A |
| pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands. | |||||
| CVE-2015-3282 | 1 Openafs | 1 Openafs | 2017-09-21 | 4.3 MEDIUM | N/A |
| vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network. | |||||
| CVE-2015-3764 | 1 Apple | 1 Mac Os X | 2017-09-21 | 4.3 MEDIUM | N/A |
| Notification Center in Apple OS X before 10.10.5 does not properly remove dismissed notifications, which allows attackers to read arbitrary notifications via a crafted app. | |||||
| CVE-2015-5084 | 1 Siemens | 2 Simatic Wincc Sm\@rtclient, Simatic Wincc Sm\@rtclient Lite | 2017-09-21 | 2.1 LOW | N/A |
| The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-5697 | 1 Linux | 1 Linux Kernel | 2017-09-21 | 2.1 LOW | N/A |
| The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call. | |||||
| CVE-2015-5730 | 1 Wordpress | 1 Wordpress | 2017-09-21 | 5.0 MEDIUM | N/A |
| The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress before 4.2.4 does not use a constant-time comparison for widgets, which allows remote attackers to conduct a timing side-channel attack by measuring the delay before inequality is calculated. | |||||
| CVE-2015-4536 | 1 Emc | 1 Documentum Content Server | 2017-09-21 | 3.5 LOW | N/A |
| EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file. | |||||
| CVE-2015-4314 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2017-09-21 | 4.0 MEDIUM | N/A |
| The System Snapshot feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 allows remote authenticated users to obtain sensitive password-hash information by reading the snapshot file, aka Bug ID CSCuv40422. | |||||
| CVE-2015-4320 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2017-09-21 | 4.0 MEDIUM | N/A |
| The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, aka Bug ID CSCuv12340. | |||||
| CVE-2015-1488 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-21 | 4.0 MEDIUM | N/A |
| An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors. | |||||
| CVE-2015-3780 | 1 Apple | 1 Mac Os X | 2017-09-21 | 4.3 MEDIUM | N/A |
| The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||||
| CVE-2015-4949 | 1 Ibm | 3 Tivoli Storage Flashcopy Manager, Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server, Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server | 2017-09-21 | 2.1 LOW | N/A |
| IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557. | |||||