Search
Total
2412 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0348 | 1 Sun | 1 Java System Access Manager | 2017-08-08 | 5.0 MEDIUM | N/A |
| The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2009-0434 | 1 Ibm | 1 Websphere Application Server | 2017-08-08 | 1.9 LOW | N/A |
| PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2008-5413. | |||||
| CVE-2009-0437 | 2 Ibm, Microsoft | 2 Websphere Application Server, Windows | 2017-08-08 | 1.9 LOW | N/A |
| The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file. | |||||
| CVE-2009-0504 | 1 Ibm | 1 Websphere Application Server | 2017-08-08 | 2.1 LOW | N/A |
| WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message. | |||||
| CVE-2008-3857 | 1 Ibm | 1 Db2 Universal Database | 2017-08-08 | 4.6 MEDIUM | N/A |
| The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection that sent the password is fully established, which might allow local users to obtain sensitive information by reading a memory dump. | |||||
| CVE-2008-4808 | 1 Ibm | 1 Lotus Connections | 2017-08-08 | 5.0 MEDIUM | N/A |
| IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover passwords via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-4747 | 1 Sun | 2 Java Access Manager, Java System Ldap Jdk | 2017-08-08 | 2.1 LOW | N/A |
| Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library. | |||||
| CVE-2008-4695 | 1 Opera | 1 Opera | 2017-08-08 | 9.3 HIGH | N/A |
| Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context. | |||||
| CVE-2008-4693 | 1 Ibm | 1 Db2 | 2017-08-08 | 5.0 MEDIUM | N/A |
| The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES." | |||||
| CVE-2008-4635 | 2 Hisanaga Electric Co, Xoops | 2 Hisa Cart, Xoops | 2017-08-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 and earlier, a module for XOOPS, allows remote attackers to obtain sensitive user information via unknown vectors. | |||||
| CVE-2008-4593 | 1 Apple | 1 Iphone | 2017-08-08 | 1.2 LOW | N/A |
| Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device screen, aka Apple bug number 6267416. | |||||
| CVE-2008-3777 | 1 Avaya | 3 Communication Manager, S8300c Server, Sip Enablement Services | 2017-08-08 | 2.1 LOW | N/A |
| The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs. | |||||
| CVE-2008-4125 | 1 Phpbb | 1 Phpbb | 2017-08-08 | 5.0 MEDIUM | N/A |
| The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote attackers to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than CVE-2006-0632. | |||||
| CVE-2008-3903 | 2 Asterisk, Trixbox | 2 P B X, Pbx | 2017-08-08 | 3.5 LOW | N/A |
| Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreject are enabled, generates different responses depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2008-3962 | 1 Ssmtp | 1 Ssmtp | 2017-08-08 | 2.6 LOW | N/A |
| The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to obtain sensitive information (memory contents) in opportunistic circumstances by reading a message. | |||||
| CVE-2008-4199 | 1 Opera | 1 Opera Browser | 2017-08-08 | 5.0 MEDIUM | N/A |
| Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation." | |||||
| CVE-2008-4412 | 1 Hp | 1 Systems Insight Manager | 2017-08-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in HP Systems Insight Manager (SIM) before 5.2 Update 2 (C.05.02.02.00) allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2008-2715 | 1 Opera | 1 Opera Browser | 2017-08-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns. | |||||
| CVE-2008-2721 | 1 Menalto | 1 Gallery | 2017-08-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the album-select module in Menalto Gallery before 2.2.5 allows remote attackers to obtain titles of hidden albums by attempting to add a new album to a hidden album. | |||||
| CVE-2008-2723 | 1 Menalto | 1 Gallery | 2017-08-08 | 5.0 MEDIUM | N/A |
| embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the remote address." | |||||
| CVE-2008-2736 | 1 Cisco | 1 Adaptive Security Appliance 5500 | 2017-08-08 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown vectors, aka Bug ID CSCsq45636. | |||||
| CVE-2008-3040 | 1 Typo3 | 1 Dam Frontend Extension | 2017-08-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2008-3049 | 1 Typo3 | 1 Pdf Generator 2 Extension | 2017-08-08 | 5.0 MEDIUM | N/A |
| The PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 allows attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2008-3060 | 1 V-webmail | 1 V-webmail | 2017-08-08 | 5.0 MEDIUM | N/A |
| V-webmail 1.5.0 allows remote attackers to obtain sensitive information via (1) malformed input in the login page (includes/local.hooks.php) and (2) an invalid session ID, which reveals the installation path in an error message. | |||||
| CVE-2008-3078 | 1 Opera | 1 Opera Browser | 2017-08-08 | 7.8 HIGH | N/A |
| Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image. | |||||
| CVE-2008-3168 | 1 Empire Server | 1 Empire Server | 2017-08-08 | 5.0 MEDIUM | N/A |
| The files utility in Empire Server before 4.3.15 discloses the world creation time, which makes it easier for attackers to determine the PRNG seed. | |||||
| CVE-2008-3171 | 1 Apple | 1 Safari | 2017-08-08 | 5.0 MEDIUM | N/A |
| Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||||
| CVE-2008-3339 | 1 Avidweb Technologies | 1 Jobbex Jobsite | 2017-08-08 | 6.8 MEDIUM | N/A |
| search_result.cfm in Jobbex JobSite allows remote attackers to obtain sensitive information via unspecified vectors that reveal the installation path in an error message. | |||||
| CVE-2008-3539 | 2 Hp, Microsoft | 12 Hpsi Acf2 Connector, Hpsi Active Directory Connector, Hpsi Bidir Dirx Connector and 9 more | 2017-08-08 | 2.1 LOW | N/A |
| Unspecified vulnerability in HP OpenView Select Identity (HPSI) Connectors on Windows, as used in HPSI Active Directory Connector 2.30 and earlier, HPSI SunOne Connector 1.14 and earlier, HPSI eDirectory Connector 1.12 and earlier, HPSI eTrust Connector 1.02 and earlier, HPSI OID Connector 1.02 and earlier, HPSI IBM Tivoli Dir Connector 1.02 and earlier, HPSI TOPSecret Connector 2.22.001 and earlier, HPSI RACF Connector 1.12.001 and earlier, HPSI ACF2 Connector 1.02 and earlier, HPSI OpenLDAP Connector 1.02 and earlier, and HPSI BiDir DirX Connector 1.00.003 and earlier, allows local users to obtain sensitive information via unknown vectors. | |||||
| CVE-2008-3259 | 1 Openbsd | 1 Openssh | 2017-08-08 | 1.2 LOW | N/A |
| OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform. | |||||
| CVE-2008-3550 | 1 Ibm | 1 Rational Clearquest | 2017-08-08 | 5.0 MEDIUM | N/A |
| The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2008-2517 | 1 Sarab | 1 Sarab | 2017-08-08 | 2.1 LOW | N/A |
| The sarab.sh script in SaraB before 0.2.4 places the dar program's encryption key on the command line, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2008-3451 | 1 Phpwebgallery | 1 Phpwebgallery | 2017-08-08 | 4.0 MEDIUM | N/A |
| PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile. | |||||
| CVE-2008-1578 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 2.1 LOW | N/A |
| The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2008-1579 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 5.0 MEDIUM | N/A |
| Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog. | |||||
| CVE-2008-1567 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-08-08 | 2.1 LOW | N/A |
| phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. | |||||
| CVE-2008-2329 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 1.9 LOW | N/A |
| Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window. | |||||
| CVE-2008-1752 | 1 Achmad Zaenuri | 1 Ezradius | 2017-08-08 | 7.5 HIGH | N/A |
| ezRADIUS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for (1) config.ini or (2) database.ini. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2318 | 1 Apple | 2 Xcode, Xcode Tools | 2017-08-08 | 5.0 MEDIUM | N/A |
| The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs. | |||||
| CVE-2008-1580 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2017-08-08 | 4.3 MEDIUM | N/A |
| CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879. | |||||
| CVE-2008-1618 | 1 Watchguard | 1 Firebox Pptp Vpn | 2017-08-08 | 5.0 MEDIUM | N/A |
| The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2008-2120 | 1 Sun | 2 Java System Application Server, Java System Web Server | 2017-08-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors. | |||||
| CVE-2008-2049 | 1 E-post Corporation | 1 Mail Server | 2017-08-08 | 4.3 MEDIUM | N/A |
| The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows remote attackers to obtain sensitive information via multiple crafted APOP commands for a known POP3 account, which displays the password in a POP3 error message. | |||||
| CVE-2008-1330 | 1 Novell | 1 Groupwise | 2017-08-08 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker. | |||||
| CVE-2008-1318 | 1 Mediawiki | 1 Mediawiki | 2017-08-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results. | |||||
| CVE-2008-1288 | 1 Ibm | 1 Rational Clearquest | 2017-08-08 | 5.0 MEDIUM | N/A |
| IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies. | |||||
| CVE-2008-2330 | 1 Apple | 1 Mac Os X Server | 2017-08-08 | 4.9 MEDIUM | N/A |
| slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue." | |||||
| CVE-2008-1924 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-08-08 | 3.5 LOW | N/A |
| Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable. | |||||
| CVE-2003-1550 | 1 Xoops | 1 Xoops | 2017-08-08 | 5.0 MEDIUM | N/A |
| XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message. | |||||
| CVE-2008-1155 | 1 Cisco | 1 Network Admission Control | 2017-08-08 | 10.0 HIGH | N/A |
| Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before 3.6.4.4, 4.0.x before 4.0.6, and 4.1.x before 4.1.2 allows remote attackers to obtain the shared secret for the Clean Access Server (CAS) and Clean Access Manager (CAM) by sniffing error logs. | |||||