Search
Total
2412 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0572 | 1 Cisco | 1 Digital Media Manager | 2017-08-17 | 7.1 HIGH | N/A |
| Cisco Digital Media Manager (DMM) before 5.2 allows remote authenticated users to discover Cisco Digital Media Player credentials via vectors related to reading a (1) error log or (2) stack trace, aka Bug ID CSCtc46050. | |||||
| CVE-2010-2190 | 1 Php | 1 Php | 2017-08-17 | 5.0 MEDIUM | N/A |
| The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | |||||
| CVE-2010-0642 | 1 Cisco | 1 Collaboration Server | 2017-08-17 | 5.0 MEDIUM | N/A |
| Cisco Collaboration Server (CCS) 5 allows remote attackers to read the source code of JHTML files via URL encoded characters in the filename extension, as demonstrated by (1) changing .jhtml to %2Ejhtml, (2) changing .jhtml to .jhtm%6C, (3) appending %00 after .jhtml, and (4) appending %c0%80 after .jhtml, related to the (a) doc/docindex.jhtml, (b) browserId/wizardForm.jhtml, (c) webline/html/forms/callback.jhtml, (d) webline/html/forms/callbackICM.jhtml, (e) webline/html/agent/AgentFrame.jhtml, (f) webline/html/agent/default/badlogin.jhtml, (g) callme/callForm.jhtml, (h) webline/html/multichatui/nowDefunctWindow.jhtml, (i) browserId/wizard.jhtml, (j) admin/CiscoAdmin.jhtml, (k) msccallme/mscCallForm.jhtml, and (l) webline/html/admin/wcs/LoginPage.jhtml components. | |||||
| CVE-2010-2913 | 2 Apple, Citibank | 2 Iphone Os, Citi Mobile | 2017-08-17 | 2.1 LOW | N/A |
| The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer. | |||||
| CVE-2010-2639 | 1 Ibm | 1 Websphere Commerce | 2017-08-17 | 5.0 MEDIUM | N/A |
| IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and "concurrency issues." | |||||
| CVE-2010-1915 | 1 Php | 1 Php | 2017-08-17 | 5.0 MEDIUM | N/A |
| The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory. | |||||
| CVE-2010-0750 | 1 Freedesktop | 1 Policykit | 2017-08-17 | 2.1 LOW | N/A |
| pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument. | |||||
| CVE-2010-1407 | 1 Apple | 3 Iphone, Iphone Os, Ipod Touch | 2017-08-17 | 4.3 MEDIUM | N/A |
| WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document. | |||||
| CVE-2010-1914 | 1 Php | 1 Php | 2017-08-17 | 5.0 MEDIUM | N/A |
| The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the convert_to_long_base function. | |||||
| CVE-2009-4533 | 2 Drupal, Nathan Haug | 2 Drupal, Webform | 2017-08-17 | 5.0 MEDIUM | N/A |
| The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors. | |||||
| CVE-2009-4529 | 1 Intervations | 1 Navicopa Web Server | 2017-08-17 | 5.0 MEDIUM | N/A |
| InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs. | |||||
| CVE-2009-4531 | 1 Jasper | 1 Httpdx | 2017-08-17 | 5.0 MEDIUM | N/A |
| httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI. | |||||
| CVE-2010-0214 | 1 Polyvision | 2 Roomwizard, Roomwizard Firmware | 2017-08-17 | 5.0 MEDIUM | N/A |
| The administrative interface on the PolyVision RoomWizard with firmware 3.2.3 places the Sync Connector Active Directory (AD) credentials in a web form that is accessed over HTTP on port 80, which allows remote attackers to obtain sensitive information by reading the HTML source code corresponding to the /admin/sign/DeviceSynch URI. | |||||
| CVE-2009-4466 | 1 Deluxebb | 1 Deluxebb | 2017-08-17 | 5.0 MEDIUM | N/A |
| DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message. NOTE: this issue might be resultant from improperly controlled computation in tools.php that leads to a denial of service (CPU or memory consumption). | |||||
| CVE-2009-5033 | 1 Ibm | 1 Lotus Notes Traveler | 2017-08-17 | 4.0 MEDIUM | N/A |
| IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle a "* *" argument sequence for a certain tell command, which allows remote authenticated users to obtain access to other users' data via a sync operation, related to storage of the data of multiple users within the same thread. | |||||
| CVE-2009-3628 | 1 Typo3 | 1 Typo3 | 2017-08-17 | 4.0 MEDIUM | N/A |
| The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element. | |||||
| CVE-2009-4254 | 1 Phpee | 1 Pphlogger | 2017-08-17 | 5.0 MEDIUM | N/A |
| PowerPhlogger 2.2.5 allows remote attackers to obtain sensitive information via a direct request to (1) edCss.inc.php, (2) foot.inc.php, (3) get_csscolors.inc.php, (4) head.inc.php, (5) head_stuff.inc.php, (6) loglist.inc.php, and (7) pphlogger_send.inc.php in include/, which reveals the installation path in an error message. | |||||
| CVE-2009-4236 | 1 Ec-cube | 1 Ec-cube Ver2 | 2017-08-17 | 5.0 MEDIUM | N/A |
| The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions. | |||||
| CVE-2009-3946 | 1 Joomla | 1 Joomla\! | 2017-08-17 | 5.0 MEDIUM | N/A |
| Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request. | |||||
| CVE-2009-3782 | 2 2bits, Drupal | 2 Userpoints, Drupal | 2017-08-17 | 3.5 LOW | N/A |
| Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors. | |||||
| CVE-2009-3600 | 1 Freewebscriptz | 1 Hubscript | 2017-08-17 | 5.0 MEDIUM | N/A |
| HUBScript 1.0 allows remote attackers to obtain configuration information via a direct request to manage/phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2009-3554 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2017-08-17 | 2.1 LOW | N/A |
| Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2009-3386 | 1 Mozilla | 1 Bugzilla | 2017-08-17 | 5.0 MEDIUM | N/A |
| Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allows remote attackers to discover the alias of a private bug by reading the (1) Depends On or (2) Blocks field of a related bug. | |||||
| CVE-2009-1239 | 1 Ibm | 1 Db2 | 2017-08-17 | 5.0 MEDIUM | N/A |
| IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query. | |||||
| CVE-2009-2042 | 1 Libpng | 1 Libpng | 2017-08-17 | 4.3 MEDIUM | N/A |
| libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file. | |||||
| CVE-2009-0788 | 1 Redhat | 1 Network Satellite Server | 2017-08-17 | 6.4 MEDIUM | N/A |
| Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to (1) obtain unspecified sensitive host information or (2) use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via unspecified vectors. | |||||
| CVE-2009-2956 | 1 Ibm | 1 Websphere Commerce Suite | 2017-08-17 | 5.0 MEDIUM | N/A |
| The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files. | |||||
| CVE-2009-2796 | 1 Apple | 1 Iphone Os | 2017-08-17 | 2.1 LOW | N/A |
| The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password. | |||||
| CVE-2009-0867 | 1 Fujitsu | 1 Enhanced Support Facility | 2017-08-17 | 5.0 MEDIUM | N/A |
| The HRM-S service in Fujitsu Enhanced Support Facility 3.0 and 3.0.1 allows remote attackers to obtain (1) hardware and (2) software information via unspecified requests in a client connection. | |||||
| CVE-2009-0958 | 1 Apple | 3 Iphone, Iphone Os, Ipod Touch | 2017-08-17 | 4.3 MEDIUM | N/A |
| Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials. | |||||
| CVE-2009-2691 | 1 Linux | 1 Linux Kernel | 2017-08-17 | 2.1 LOW | N/A |
| The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition. | |||||
| CVE-2009-1292 | 2 Ibm, Unix | 3 Aix, Rational Clearcase, Unix | 2017-08-17 | 2.1 LOW | N/A |
| UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, and 7.1.x before 7.1.0.1 on Linux and AIX places a username and password on the command line, which allows local users to obtain credentials by listing the process. | |||||
| CVE-2009-1296 | 1 Ubuntu | 2 73-oubuntu, Ubuntu | 2017-08-17 | 1.9 LOW | N/A |
| The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root. | |||||
| CVE-2009-1494 | 1 Memcachedb | 1 Memcached | 2017-08-17 | 5.0 MEDIUM | N/A |
| The process_stat function in Memcached 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port. | |||||
| CVE-2009-1713 | 1 Apple | 1 Safari | 2017-08-17 | 7.1 HIGH | N/A |
| The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors. | |||||
| CVE-2009-1756 | 1 Simone Rota | 1 Slim Simple Login Manager | 2017-08-17 | 2.1 LOW | N/A |
| SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (mcookie) on the command line when invoking xauth from (1) app.cpp and (2) switchuser.cpp, which allows local users to access the X session by listing the process and its arguments. | |||||
| CVE-2009-1900 | 1 Ibm | 1 Websphere Application Server | 2017-08-17 | 5.0 MEDIUM | N/A |
| The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5, when tracing is enabled, allow remote attackers to obtain sensitive information via unspecified use of the wsadmin scripting tool. | |||||
| CVE-2009-1898 | 1 Ibm | 1 Websphere Application Server | 2017-08-17 | 5.0 MEDIUM | N/A |
| The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network. | |||||
| CVE-2008-6561 | 2 Citrix, Microsoft | 2 Presentation Server Client, Windows | 2017-08-17 | 1.9 LOW | N/A |
| Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges. | |||||
| CVE-2008-6999 | 1 Phpauction | 1 Phpauction | 2017-08-17 | 5.0 MEDIUM | N/A |
| phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2008-6737 | 1 Ea | 1 Crysis | 2017-08-17 | 7.8 HIGH | N/A |
| Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information. | |||||
| CVE-2005-4868 | 1 Ibm | 1 Db2 Universal Database | 2017-08-17 | 2.1 LOW | N/A |
| Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service. | |||||
| CVE-2008-6896 | 1 3cx | 1 Phone System | 2017-08-17 | 5.0 MEDIUM | N/A |
| login.php in 3CX Phone System 6.0.806.0, when 100% disk capacity is reached, allows remote attackers to gain sensitive information via unspecified vectors that reveal the installation path. | |||||
| CVE-2009-0508 | 1 Ibm | 1 Websphere Application Server | 2017-08-08 | 7.5 HIGH | N/A |
| The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console. | |||||
| CVE-2008-5076 | 1 Htop | 1 Htop | 2017-08-08 | 4.6 MEDIUM | N/A |
| htop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with "crazy control strings." | |||||
| CVE-2008-5096 | 1 Typo3 | 2 File List Extension, Typo3 | 2017-08-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the TYPO3 File List (file_list) extension 0.2.1 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors. | |||||
| CVE-2008-5099 | 1 Sun | 1 Logical Domain Manager | 2017-08-08 | 4.6 MEDIUM | N/A |
| Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0.3 displays the value of the OpenBoot PROM (OBP) security-password variable in cleartext, which allows local users to bypass the SPARC firmware's password protection, and gain privileges or obtain data access, via the "ldm ls -l" command, a different vulnerability than CVE-2008-4992. | |||||
| CVE-2008-5849 | 1 Checkpoint | 1 Vpn-1 | 2017-08-08 | 5.0 MEDIUM | N/A |
| Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (aka ICMP time exceeded in-transit) response containing an encapsulated IP packet with an intranet address, as demonstrated by a TCP packet to the firewall management server on port 18264. | |||||
| CVE-2009-0123 | 2 Apple, Microsoft | 3 Mac Os X, Safari, Windows | 2017-08-08 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2009-0278 | 1 Sun | 1 Java System Application Server | 2017-08-08 | 5.0 MEDIUM | N/A |
| Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request. | |||||