Total: 7597 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5596 | 1 Oracle | 1 Customer Relationship Management Technical Foundation | 2017-07-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
| CVE-2016-5575 | 1 Oracle | 1 Common Applications | 2017-07-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality via vectors related to Resources Module. | |||||
| CVE-2016-5508 | 1 Oracle | 1 Solaris Cluster | 2017-07-29 | 2.1 LOW | 3.3 LOW |
| Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 4.3 allows local users to affect confidentiality via vectors related to Cluster Geo. | |||||
| CVE-2016-5505 | 1 Oracle | 1 Database Server | 2017-07-29 | 2.1 LOW | 5.5 MEDIUM |
| Unspecified vulnerability in the RDBMS Programmable Interface component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors. | |||||
| CVE-2016-4613 | 1 Apple | 4 Apple Tv, Icloud, Itunes and 1 more | 2017-07-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site. | |||||
| CVE-2016-5621 | 1 Oracle | 1 Flexcube Universal Banking | 2017-07-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 and 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality via vectors related to INFRA, a different vulnerability than CVE-2016-5603. | |||||
| CVE-2016-5329 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2017-07-29 | 2.1 LOW | 5.5 MEDIUM |
| VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors. | |||||
| CVE-2016-5618 | 1 Oracle | 1 Data Integrator | 2017-07-29 | 3.5 LOW | 3.1 LOW |
| Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine. | |||||
| CVE-2016-5603 | 1 Oracle | 1 Flexcube Universal Banking | 2017-07-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality via vectors related to INFRA, a different vulnerability than CVE-2016-5621. | |||||
| CVE-2016-3562 | 1 Oracle | 1 Database Server | 2017-07-29 | 4.3 MEDIUM | 2.4 LOW |
| Unspecified vulnerability in the RDBMS Security and SQL*Plus components in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality via vectors related to DBA. | |||||
| CVE-2016-5994 | 1 Ibm | 1 Infosphere Information Server | 2017-07-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents. | |||||
| CVE-2016-8295 | 1 Oracle | 1 Peoplesoft Enterprise Human Capital Management Time And Labor | 2017-07-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
| CVE-2016-8294 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2017-07-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
| CVE-2016-8286 | 1 Oracle | 1 Mysql | 2017-07-29 | 3.5 LOW | 3.1 LOW |
| Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges. | |||||
| CVE-2007-4688 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-29 | 5.0 MEDIUM | N/A |
| The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query. | |||||
| CVE-2007-5473 | 2 Microsoft, Mono | 2 Windows, Mono | 2017-07-29 | 5.0 MEDIUM | N/A |
| StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP. | |||||
| CVE-2007-5404 | 1 Layton Technology | 1 Helpbox | 2017-07-29 | 5.0 MEDIUM | N/A |
| Layton HelpBox 3.7.1 generates different responses depending on whether or not a username is valid in a failed login attempt, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2007-5172 | 1 Quicksilver Forums | 1 Quicksilver Forums | 2017-07-29 | 5.0 MEDIUM | N/A |
| Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message. | |||||
| CVE-2007-4991 | 1 Microsoft | 1 Isa Server | 2017-07-29 | 5.0 MEDIUM | N/A |
| The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet. | |||||
| CVE-2007-4655 | 1 Cgi-rescue | 1 Shopping Basket Professional | 2017-07-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via directory traversal sequences in unspecified parameters to (1) list.cgi or (2) list2.cgi. | |||||
| CVE-2007-5701 | 1 Ibm | 1 Lotus Domino | 2017-07-29 | 2.1 LOW | N/A |
| Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel. | |||||
| CVE-2007-4514 | 1 Hp | 1 Procurve Manager | 2017-07-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in HP ProCurve Manager and HP ProCurve Manager Plus 2.3 and earlier allows remote attackers to obtain sensitive information from the ProCurve Manager server via unknown attack vectors. | |||||
| CVE-2007-3756 | 2 Apple, Microsoft | 5 Iphone, Mac Os X, Safari and 2 more | 2017-07-29 | 4.3 MEDIUM | N/A |
| Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain. | |||||
| CVE-2007-2253 | 1 Exponent | 1 Exponent Cms | 2017-07-29 | 5.0 MEDIUM | N/A |
| Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php. | |||||
| CVE-2007-3008 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2017-07-29 | 4.3 MEDIUM | N/A |
| Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398. | |||||
| CVE-2007-2780 | 1 Psychostats | 1 Psychostats | 2017-07-29 | 5.0 MEDIUM | N/A |
| PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensitive information via a request for server.php with a missing or invalid newtheme parameter, which reveals a path in an error message. | |||||
| CVE-2007-2479 | 1 Cerulean Studios | 1 Trillian | 2017-07-29 | 7.1 HIGH | 5.9 MEDIUM |
| Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker. | |||||
| CVE-2007-2353 | 1 Apache | 1 Axis | 2017-07-29 | 5.0 MEDIUM | N/A |
| Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message. | |||||
| CVE-2006-6886 | 1 Phpwcms | 1 Phpwcms | 2017-07-29 | 5.0 MEDIUM | N/A |
| phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages. | |||||
| CVE-2003-1379 | 1 Point Clark Networks | 1 Clarkconnect | 2017-07-29 | 5.0 MEDIUM | N/A |
| clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obtain sensitive information about the server via the characters (1) A, which reveals the date and time, (2) F, (3) M, which reveals 'ifconfig' information, (4) P, which lists the processes, (5) Y, which reveals the snort log files, or (6) b, which reveals /var/log/messages. | |||||
| CVE-2003-1409 | 1 Ej3 | 1 Topo | 2017-07-29 | 5.0 MEDIUM | N/A |
| TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message. | |||||
| CVE-2003-1408 | 1 Lotus | 1 Domino Server | 2017-07-29 | 5.0 MEDIUM | N/A |
| Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot. | |||||
| CVE-2003-1366 | 1 Openbsd | 1 Openbsd | 2017-07-29 | 3.3 LOW | N/A |
| chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information. | |||||
| CVE-2003-1469 | 2 Macromedia, Microsoft | 5 Coldfusion, Coldfusion Professional, Windows 2000 and 2 more | 2017-07-29 | 5.0 MEDIUM | N/A |
| The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message. | |||||
| CVE-2003-1398 | 1 Cisco | 1 Ios | 2017-07-29 | 9.3 HIGH | N/A |
| Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification). | |||||
| CVE-2003-1481 | 1 Stalker | 1 Communigate Pro | 2017-07-29 | 5.8 MEDIUM | N/A |
| CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer. | |||||
| CVE-2003-1404 | 1 Dotbr | 1 Botbr | 2017-07-29 | 7.5 HIGH | N/A |
| DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords. | |||||
| CVE-2002-2289 | 1 Working Resources Inc. | 1 Badblue | 2017-07-29 | 5.0 MEDIUM | N/A |
| soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords. | |||||
| CVE-2003-1468 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-29 | 4.3 MEDIUM | N/A |
| The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. | |||||
| CVE-2003-1517 | 1 Dansie | 1 Shopping Cart | 2017-07-29 | 5.0 MEDIUM | N/A |
| cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message. | |||||
| CVE-2003-1486 | 1 Phorum | 1 Phorum | 2017-07-29 | 5.0 MEDIUM | N/A |
| Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message. | |||||
| CVE-2002-2276 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2017-07-29 | 5.0 MEDIUM | N/A |
| Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message. | |||||
| CVE-2002-2288 | 1 Mambo | 1 Site Server | 2017-07-29 | 5.0 MEDIUM | N/A |
| Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message. | |||||
| CVE-2017-11327 | 1 Tilde Cms Project | 1 Tilde Cms | 2017-07-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftp_upload. | |||||
| CVE-2016-9384 | 1 Xen | 1 Xen | 2017-07-28 | 2.1 LOW | 6.5 MEDIUM |
| Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table. | |||||
| CVE-2016-9285 | 1 Exponentcms | 1 Exponent Cms | 2017-07-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue. | |||||
| CVE-2016-7542 | 1 Fortinet | 1 Fortios | 2017-07-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators' password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them. | |||||
| CVE-2016-9286 | 1 Exponentcms | 1 Exponent Cms | 2017-07-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI. | |||||
| CVE-2016-9284 | 1 Exponentcms | 1 Exponent Cms | 2017-07-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string. | |||||
| CVE-2015-5152 | 1 Theforeman | 1 Foreman | 2017-07-27 | 4.3 MEDIUM | 8.1 HIGH |
| Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack. | |||||
