Search
Total
7597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3857 | 1 Ibm | 1 Db2 Universal Database | 2017-08-08 | 4.6 MEDIUM | N/A |
| The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection that sent the password is fully established, which might allow local users to obtain sensitive information by reading a memory dump. | |||||
| CVE-2008-4593 | 1 Apple | 1 Iphone | 2017-08-08 | 1.2 LOW | N/A |
| Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device screen, aka Apple bug number 6267416. | |||||
| CVE-2008-4412 | 1 Hp | 1 Systems Insight Manager | 2017-08-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in HP Systems Insight Manager (SIM) before 5.2 Update 2 (C.05.02.02.00) allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2008-4199 | 1 Opera | 1 Opera Browser | 2017-08-08 | 5.0 MEDIUM | N/A |
| Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation." | |||||
| CVE-2008-4693 | 1 Ibm | 1 Db2 | 2017-08-08 | 5.0 MEDIUM | N/A |
| The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES." | |||||
| CVE-2008-4125 | 1 Phpbb | 1 Phpbb | 2017-08-08 | 5.0 MEDIUM | N/A |
| The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote attackers to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than CVE-2006-0632. | |||||
| CVE-2008-3962 | 1 Ssmtp | 1 Ssmtp | 2017-08-08 | 2.6 LOW | N/A |
| The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to obtain sensitive information (memory contents) in opportunistic circumstances by reading a message. | |||||
| CVE-2008-3903 | 2 Asterisk, Trixbox | 2 P B X, Pbx | 2017-08-08 | 3.5 LOW | N/A |
| Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreject are enabled, generates different responses depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2008-4635 | 2 Hisanaga Electric Co, Xoops | 2 Hisa Cart, Xoops | 2017-08-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 and earlier, a module for XOOPS, allows remote attackers to obtain sensitive user information via unknown vectors. | |||||
| CVE-2008-3777 | 1 Avaya | 3 Communication Manager, S8300c Server, Sip Enablement Services | 2017-08-08 | 2.1 LOW | N/A |
| The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs. | |||||
| CVE-2008-4695 | 1 Opera | 1 Opera | 2017-08-08 | 9.3 HIGH | N/A |
| Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context. | |||||
| CVE-2008-4747 | 1 Sun | 2 Java Access Manager, Java System Ldap Jdk | 2017-08-08 | 2.1 LOW | N/A |
| Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library. | |||||
| CVE-2008-4808 | 1 Ibm | 1 Lotus Connections | 2017-08-08 | 5.0 MEDIUM | N/A |
| IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover passwords via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2736 | 1 Cisco | 1 Adaptive Security Appliance 5500 | 2017-08-08 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown vectors, aka Bug ID CSCsq45636. | |||||
| CVE-2008-3168 | 1 Empire Server | 1 Empire Server | 2017-08-08 | 5.0 MEDIUM | N/A |
| The files utility in Empire Server before 4.3.15 discloses the world creation time, which makes it easier for attackers to determine the PRNG seed. | |||||
| CVE-2008-3078 | 1 Opera | 1 Opera Browser | 2017-08-08 | 7.8 HIGH | N/A |
| Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image. | |||||
| CVE-2008-3550 | 1 Ibm | 1 Rational Clearquest | 2017-08-08 | 5.0 MEDIUM | N/A |
| The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2008-3060 | 1 V-webmail | 1 V-webmail | 2017-08-08 | 5.0 MEDIUM | N/A |
| V-webmail 1.5.0 allows remote attackers to obtain sensitive information via (1) malformed input in the login page (includes/local.hooks.php) and (2) an invalid session ID, which reveals the installation path in an error message. | |||||
| CVE-2008-3049 | 1 Typo3 | 1 Pdf Generator 2 Extension | 2017-08-08 | 5.0 MEDIUM | N/A |
| The PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 allows attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2008-3040 | 1 Typo3 | 1 Dam Frontend Extension | 2017-08-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2008-3539 | 2 Hp, Microsoft | 12 Hpsi Acf2 Connector, Hpsi Active Directory Connector, Hpsi Bidir Dirx Connector and 9 more | 2017-08-08 | 2.1 LOW | N/A |
| Unspecified vulnerability in HP OpenView Select Identity (HPSI) Connectors on Windows, as used in HPSI Active Directory Connector 2.30 and earlier, HPSI SunOne Connector 1.14 and earlier, HPSI eDirectory Connector 1.12 and earlier, HPSI eTrust Connector 1.02 and earlier, HPSI OID Connector 1.02 and earlier, HPSI IBM Tivoli Dir Connector 1.02 and earlier, HPSI TOPSecret Connector 2.22.001 and earlier, HPSI RACF Connector 1.12.001 and earlier, HPSI ACF2 Connector 1.02 and earlier, HPSI OpenLDAP Connector 1.02 and earlier, and HPSI BiDir DirX Connector 1.00.003 and earlier, allows local users to obtain sensitive information via unknown vectors. | |||||
| CVE-2008-2723 | 1 Menalto | 1 Gallery | 2017-08-08 | 5.0 MEDIUM | N/A |
| embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the remote address." | |||||
| CVE-2008-2721 | 1 Menalto | 1 Gallery | 2017-08-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the album-select module in Menalto Gallery before 2.2.5 allows remote attackers to obtain titles of hidden albums by attempting to add a new album to a hidden album. | |||||
| CVE-2008-3451 | 1 Phpwebgallery | 1 Phpwebgallery | 2017-08-08 | 4.0 MEDIUM | N/A |
| PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile. | |||||
| CVE-2008-3339 | 1 Avidweb Technologies | 1 Jobbex Jobsite | 2017-08-08 | 6.8 MEDIUM | N/A |
| search_result.cfm in Jobbex JobSite allows remote attackers to obtain sensitive information via unspecified vectors that reveal the installation path in an error message. | |||||
| CVE-2008-2715 | 1 Opera | 1 Opera Browser | 2017-08-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns. | |||||
| CVE-2008-3171 | 1 Apple | 1 Safari | 2017-08-08 | 5.0 MEDIUM | N/A |
| Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||||
| CVE-2008-2517 | 1 Sarab | 1 Sarab | 2017-08-08 | 2.1 LOW | N/A |
| The sarab.sh script in SaraB before 0.2.4 places the dar program's encryption key on the command line, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2008-3259 | 1 Openbsd | 1 Openssh | 2017-08-08 | 1.2 LOW | N/A |
| OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform. | |||||
| CVE-2008-1618 | 1 Watchguard | 1 Firebox Pptp Vpn | 2017-08-08 | 5.0 MEDIUM | N/A |
| The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2008-1752 | 1 Achmad Zaenuri | 1 Ezradius | 2017-08-08 | 7.5 HIGH | N/A |
| ezRADIUS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for (1) config.ini or (2) database.ini. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1924 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-08-08 | 3.5 LOW | N/A |
| Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable. | |||||
| CVE-2008-2049 | 1 E-post Corporation | 1 Mail Server | 2017-08-08 | 4.3 MEDIUM | N/A |
| The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows remote attackers to obtain sensitive information via multiple crafted APOP commands for a known POP3 account, which displays the password in a POP3 error message. | |||||
| CVE-2008-2330 | 1 Apple | 1 Mac Os X Server | 2017-08-08 | 4.9 MEDIUM | N/A |
| slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue." | |||||
| CVE-2008-2120 | 1 Sun | 2 Java System Application Server, Java System Web Server | 2017-08-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors. | |||||
| CVE-2008-1288 | 1 Ibm | 1 Rational Clearquest | 2017-08-08 | 5.0 MEDIUM | N/A |
| IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies. | |||||
| CVE-2008-1318 | 1 Mediawiki | 1 Mediawiki | 2017-08-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results. | |||||
| CVE-2008-1330 | 1 Novell | 1 Groupwise | 2017-08-08 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker. | |||||
| CVE-2008-1578 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 2.1 LOW | N/A |
| The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2008-1579 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 5.0 MEDIUM | N/A |
| Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog. | |||||
| CVE-2008-1580 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2017-08-08 | 4.3 MEDIUM | N/A |
| CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879. | |||||
| CVE-2008-1567 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-08-08 | 2.1 LOW | N/A |
| phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. | |||||
| CVE-2008-2318 | 1 Apple | 2 Xcode, Xcode Tools | 2017-08-08 | 5.0 MEDIUM | N/A |
| The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs. | |||||
| CVE-2008-2329 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 1.9 LOW | N/A |
| Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window. | |||||
| CVE-2007-6249 | 1 Gentoo | 2 Linux, Portage | 2017-08-08 | 2.1 LOW | N/A |
| etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file. | |||||
| CVE-2007-6513 | 1 Hp | 1 Esupportdiagnostics | 2017-08-08 | 4.3 MEDIUM | N/A |
| HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports dangerous methods, which allows remote attackers to (1) read arbitrary files via the ReadTextFile method, or (2) read arbitrary registry values via the ReadValue method. | |||||
| CVE-2008-0050 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 5.0 MEDIUM | N/A |
| CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. | |||||
| CVE-2008-0589 | 1 Ibm | 1 Aix | 2017-08-08 | 4.9 MEDIUM | N/A |
| The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2008-0994 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 2.6 LOW | N/A |
| Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods. | |||||
| CVE-2008-0995 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 2.6 LOW | N/A |
| The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods. | |||||