Search
Total
2412 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4272 | 2 Botcha Spam Prevention Project, Drupal | 2 Botcha, Drupal | 2013-09-05 | 4.3 MEDIUM | N/A |
| The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain sensitive information such as usernames and passwords by reading the log file. | |||||
| CVE-2012-6502 | 1 Microsoft | 1 Internet Explorer | 2013-09-03 | 2.6 LOW | N/A |
| Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\127.0.0.1\C$\ sequence. | |||||
| CVE-2007-4656 | 1 Backup Manager | 1 Backup Manager | 2013-08-28 | 2.1 LOW | N/A |
| backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766. | |||||
| CVE-2008-0993 | 1 Apple | 3 Mac Os X, Mac Os X Server, Podcast Producer | 2013-08-27 | 2.1 LOW | N/A |
| Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings. | |||||
| CVE-2011-3755 | 1 Mantisbt | 1 Mantisbt | 2013-08-27 | 5.0 MEDIUM | N/A |
| MantisBT 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by view_all_inc.php and certain other files. | |||||
| CVE-2013-4780 | 1 Siemens | 2 Enterprise Openscape Branch, Openscape Session Border Controller | 2013-08-22 | 7.8 HIGH | N/A |
| core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2013-3823 | 1 Oracle | 1 Supply Chain Products Suite | 2013-08-22 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | |||||
| CVE-2013-4778 | 1 Siemens | 2 Enterprise Openscape Branch, Openscape Session Border Controller | 2013-08-22 | 7.8 HIGH | N/A |
| core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to obtain sensitive server and statistics information via unspecified vectors. | |||||
| CVE-2012-6549 | 1 Linux | 1 Linux Kernel | 2013-08-22 | 1.9 LOW | N/A |
| The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. | |||||
| CVE-2012-6547 | 1 Linux | 1 Linux Kernel | 2013-08-22 | 1.9 LOW | N/A |
| The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | |||||
| CVE-2012-3519 | 1 Tor | 1 Tor | 2013-08-22 | 5.0 MEDIUM | N/A |
| routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack. | |||||
| CVE-2012-3749 | 1 Apple | 1 Iphone Os | 2013-08-17 | 5.0 MEDIUM | N/A |
| The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app. | |||||
| CVE-2013-4678 | 1 Symantec | 1 Backup Exec | 2013-08-09 | 2.7 LOW | N/A |
| The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified vectors. | |||||
| CVE-2013-3442 | 1 Cisco | 1 Unified Communications Manager | 2013-08-05 | 4.0 MEDIUM | N/A |
| The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854. | |||||
| CVE-2013-0943 | 1 Emc | 1 Networker | 2013-07-31 | 4.6 MEDIUM | N/A |
| EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin. | |||||
| CVE-2013-5000 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-07-31 | 5.0 MEDIUM | N/A |
| phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files. | |||||
| CVE-2013-4998 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-07-31 | 5.0 MEDIUM | N/A |
| phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files. | |||||
| CVE-2013-4999 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-07-31 | 5.0 MEDIUM | N/A |
| phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php. | |||||
| CVE-2000-0588 | 1 Sawmill | 1 Sawmill | 2013-07-30 | 5.0 MEDIUM | N/A |
| SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration commands. | |||||
| CVE-2012-5552 | 2 Drupal, Erikwebb | 2 Drupal, Password Policy | 2013-07-20 | 5.0 MEDIUM | N/A |
| The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to "client-side password history checks." | |||||
| CVE-2013-3428 | 1 Cisco | 1 Secure Access Control System | 2013-07-16 | 4.0 MEDIUM | N/A |
| The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows remote authenticated users to obtain sensitive information via an unspecified request that triggers an error, aka Bug ID CSCue65957. | |||||
| CVE-2013-1615 | 1 Symantec | 2 Security Information Manager, Security Information Manager Appliance | 2013-07-08 | 2.9 LOW | N/A |
| The management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote attackers to obtain sensitive information via unspecified web-GUI API calls. | |||||
| CVE-2013-1814 | 1 Apache | 1 Rave | 2013-07-03 | 4.0 MEDIUM | N/A |
| The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response. | |||||
| CVE-2013-3398 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution | 2013-06-27 | 5.0 MEDIUM | N/A |
| The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance provides different responses to requests for arbitrary pathnames depending on whether the pathname exists, which allows remote attackers to enumerate directories and files via a series of crafted requests, aka Bug ID CSCuh64574. | |||||
| CVE-2013-4628 | 1 Huawei | 3 Quidway Service Process Unit Board S7700, Quidway Service Process Unit Board S9300, Quidway Service Process Unit Board S9700 | 2013-06-21 | 3.5 LOW | N/A |
| The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information from the high-priority security zone by leveraging access to the low-priority security zone. | |||||
| CVE-2013-3959 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2013-06-17 | 4.0 MEDIUM | N/A |
| The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted URL parameters. | |||||
| CVE-2013-3643 | 1 Adgjm | 1 Galapagos Browser | 2013-06-17 | 4.3 MEDIUM | N/A |
| The Galapagos Browser application for Android does not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2013-3642 | 2 Adgjm, Google | 2 Angel Browser, Android | 2013-06-17 | 4.3 MEDIUM | N/A |
| The Angel Browser application 1.47b and earlier for Android 1.6 through 2.1, 1.62b and earlier for Android 2.2 through 2.3.4, 1.68b and earlier for Android 3.0 through 4.0.3, and 1.76b and earlier for Android 4.1 through 4.2 does not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2012-3718 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-06-06 | 2.1 LOW | N/A |
| Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. | |||||
| CVE-2013-0982 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-06-05 | 1.7 LOW | N/A |
| The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation. | |||||
| CVE-2013-0349 | 1 Linux | 1 Linux Kernel | 2013-06-05 | 1.9 LOW | N/A |
| The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call. | |||||
| CVE-2012-4530 | 1 Linux | 1 Linux Kernel | 2013-06-05 | 2.1 LOW | N/A |
| The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | |||||
| CVE-2012-4698 | 1 Siemens | 4 Ros, Rox I Os, Rox Ii Os and 1 more | 2013-05-21 | 4.3 MEDIUM | N/A |
| Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations. | |||||
| CVE-2012-3796 | 1 Pro-face | 2 Pro-server Ex, Wingp Pc Runtime | 2013-05-21 | 5.0 MEDIUM | N/A |
| Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to obtain sensitive information from daemon memory via a crafted packet with a certain opcode. | |||||
| CVE-2013-1665 | 1 Openstack | 2 Folsom, Keystone Essex | 2013-05-15 | 5.0 MEDIUM | N/A |
| The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack. | |||||
| CVE-2013-0305 | 2 Canonical, Djangoproject | 2 Ubuntu Linux, Django | 2013-05-15 | 4.0 MEDIUM | N/A |
| The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information. | |||||
| CVE-2012-6539 | 1 Linux | 1 Linux Kernel | 2013-05-15 | 1.9 LOW | N/A |
| The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | |||||
| CVE-2012-6540 | 1 Linux | 1 Linux Kernel | 2013-05-15 | 1.9 LOW | N/A |
| The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | |||||
| CVE-2010-1138 | 2 Microsoft, Vmware | 6 Windows, Ace, Fusion and 3 more | 2013-05-15 | 5.0 MEDIUM | N/A |
| The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process. | |||||
| CVE-2013-2308 | 1 Softbanktech | 1 Online Service Gate | 2013-05-09 | 4.0 MEDIUM | N/A |
| The (1) OWA Helper and (2) OSG Lite programs in SoftBank Online Service Gate allow remote authenticated users to discover their own passwords, and consequently bypass an Office 365 restriction, via unspecified vectors. | |||||
| CVE-2013-3507 | 1 Gwos | 1 Groundwork Monitor | 2013-05-08 | 4.0 MEDIUM | N/A |
| The NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to obtain sensitive information via a direct request for (1) a configuration file, (2) a database dump, or (3) the Tomcat status context. | |||||
| CVE-2012-6140 | 1 Google | 1 Authenticator | 2013-05-07 | 1.9 LOW | N/A |
| pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than CVE-2013-0258. | |||||
| CVE-2013-1231 | 1 Cisco | 2 Webex Meetings Server, Webex Node For Mcs | 2013-05-03 | 5.0 MEDIUM | N/A |
| The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629. | |||||
| CVE-2013-0944 | 1 Emc | 1 Avamar | 2013-05-03 | 3.5 LOW | N/A |
| The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL. | |||||
| CVE-2012-5657 | 1 Zend | 1 Zend Framework | 2013-05-03 | 5.0 MEDIUM | N/A |
| The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. | |||||
| CVE-2013-1216 | 1 Cisco | 1 Ios Xr | 2013-05-01 | 4.0 MEDIUM | N/A |
| Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546. | |||||
| CVE-2013-1185 | 1 Cisco | 6 Unified Computing System 6120xp Fabric Interconnect, Unified Computing System 6140xp Fabric Interconnect, Unified Computing System 6248up Fabric Interconnect and 3 more | 2013-04-25 | 9.3 HIGH | N/A |
| The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x before 2.0(2m) allows remote attackers to obtain sensitive information by reading a (1) technical-support bundle file or (2) on-device configuration backup, aka Bug ID CSCtq86543. | |||||
| CVE-2013-3210 | 1 Opera | 1 Opera Browser | 2013-04-22 | 5.0 MEDIUM | N/A |
| Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain. | |||||
| CVE-2013-3237 | 1 Linux | 1 Linux Kernel | 2013-04-22 | 4.9 MEDIUM | N/A |
| The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. | |||||
| CVE-2012-3430 | 1 Linux | 1 Linux Kernel | 2013-04-19 | 2.1 LOW | N/A |
| The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. | |||||