Search
Total
7597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1579 | 1 Mediawiki | 1 Mediawiki | 2012-09-10 | 5.0 MEDIUM | N/A |
| The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2012-4012 | 1 Cybozu | 1 Kunai | 2012-09-10 | 4.3 MEDIUM | N/A |
| The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. | |||||
| CVE-2012-0837 | 1 Joomla | 1 Joomla\! | 2012-09-07 | 5.0 MEDIUM | N/A |
| Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator." | |||||
| CVE-2012-4219 | 1 Phpmyadmin | 1 Phpmyadmin | 2012-09-07 | 5.0 MEDIUM | N/A |
| show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file. | |||||
| CVE-2012-1607 | 1 Typo3 | 1 Typo3 | 2012-09-05 | 5.0 MEDIUM | N/A |
| The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request. | |||||
| CVE-2012-1614 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2012-09-05 | 5.0 MEDIUM | N/A |
| Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message. | |||||
| CVE-2011-4598 | 1 Digium | 1 Asterisk | 2012-09-01 | 4.3 MEDIUM | N/A |
| The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests. | |||||
| CVE-2012-1645 | 2 Drupal, Wimleers | 2 Drupal, Cdn | 2012-08-29 | 2.6 LOW | N/A |
| The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php. | |||||
| CVE-2012-1586 | 1 Debian | 1 Cifs-utils | 2012-08-28 | 2.1 LOW | N/A |
| mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message. | |||||
| CVE-2012-4332 | 2 Barandisolutions, Wordpress | 2 Shareyourcart, Wordpress | 2012-08-28 | 5.0 MEDIUM | N/A |
| The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors related to the SDK. | |||||
| CVE-2011-5126 | 1 Bluecoat | 1 Sgos | 2012-08-27 | 5.0 MEDIUM | N/A |
| Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 writes the secure heap to core images, which allows context-dependent attackers to obtain sensitive authentication information by leveraging read access to a downloaded core file. | |||||
| CVE-2012-4674 | 1 Pluxml | 1 Pluxml | 2012-08-27 | 5.0 MEDIUM | N/A |
| PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID. | |||||
| CVE-2010-5187 | 1 Silverstripe | 1 Silverstripe | 2012-08-27 | 4.3 MEDIUM | N/A |
| SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running on servers with certain configurations, allows remote attackers to obtain sensitive information via a direct request to PHP files in the (1) sapphire, (2) cms, or (3) mysite folders, which reveals the installation path in an error message. | |||||
| CVE-2012-2387 | 1 Debian | 1 Devotee | 2012-08-21 | 5.0 MEDIUM | N/A |
| devotee 0.1 patch 2 uses a 32-bit seed for generating 48-bit random numbers, which makes it easier for remote attackers to obtain the secret monikers via a brute force attack. | |||||
| CVE-2012-4007 | 2 Google, Mixi | 2 Android, Mixi | 2012-08-20 | 4.3 MEDIUM | N/A |
| The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card. | |||||
| CVE-2011-4014 | 1 Cisco | 1 Wireless Control System Software | 2012-08-19 | 4.0 MEDIUM | N/A |
| The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807. | |||||
| CVE-2012-2327 | 1 Mybb | 1 Mybb | 2012-08-14 | 5.0 MEDIUM | N/A |
| MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message. | |||||
| CVE-2012-4255 | 1 Mysqldumper | 1 Mysqldumper | 2012-08-14 | 4.3 MEDIUM | N/A |
| MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refresh_dblist.php, which reveals the installation path in an error message. | |||||
| CVE-2012-3474 | 1 Ushahidi | 1 Ushahidi Platform | 2012-08-13 | 5.0 MEDIUM | N/A |
| The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP address, and other attributes of the author of a comment via an API function call. | |||||
| CVE-2012-4235 | 2 Joomla, Rsgallery2 | 2 Joomla\!, Com Rsgallery2 | 2012-08-10 | 5.0 MEDIUM | N/A |
| The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI. | |||||
| CVE-2012-0421 | 1 Novell | 1 Suse Audit Log Keeper | 2012-08-08 | 2.1 LOW | N/A |
| The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file. | |||||
| CVE-2012-2302 | 2 Drupal, Nancy Wichmann | 2 Drupal, Sitedoc | 2012-08-08 | 5.0 MEDIUM | N/A |
| Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2012-1361 | 1 Cisco | 1 Ios | 2012-08-07 | 4.3 MEDIUM | N/A |
| Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750. | |||||
| CVE-2012-1348 | 1 Cisco | 1 Wide Area Application Services | 2012-08-07 | 5.0 MEDIUM | N/A |
| Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive information via a brute-force attack on the hash string, aka Bug ID CSCty17279. | |||||
| CVE-2008-7292 | 2 Microsoft, Mozilla | 2 Windows, Bugzilla | 2012-08-02 | 2.1 LOW | N/A |
| Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977. | |||||
| CVE-2012-2647 | 3 Apple, Google, Yahoo | 3 Safari, Chrome, Toolbar | 2012-07-31 | 5.8 MEDIUM | N/A |
| Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page. | |||||
| CVE-2012-3886 | 1 Airdroid | 1 Airdroid | 2012-07-27 | 5.0 MEDIUM | N/A |
| AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireless network and then conducting a (1) brute-force attack or (2) rainbow-table attack. | |||||
| CVE-2012-3829 | 1 Joomla | 1 Joomla\! | 2012-07-17 | 5.0 MEDIUM | N/A |
| Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header. | |||||
| CVE-2012-3838 | 1 Babygekko | 1 Baby Gekko | 2012-07-17 | 5.0 MEDIUM | N/A |
| Gekko before 1.2.0 allows remote attackers to obtain the installation path via a direct request to (1) admin/templates/babygekko/index.php or (2) templates/html5demo/index.php. | |||||
| CVE-2012-3798 | 2 Bryce Hamrick, Drupal | 2 Janrain Capture, Drupal | 2012-06-27 | 5.0 MEDIUM | N/A |
| The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks. | |||||
| CVE-2011-1160 | 1 Linux | 1 Linux Kernel | 2012-06-26 | 2.1 LOW | N/A |
| The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors. | |||||
| CVE-2012-0950 | 1 Canonical | 1 Ubuntu Linux | 2012-06-26 | 5.0 MEDIUM | N/A |
| The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0949. | |||||
| CVE-2012-2635 | 2 Dolphin-browser, Google | 3 Dolphin Browser Hd, Dolphin For Pad, Android | 2012-06-18 | 4.3 MEDIUM | N/A |
| The Dolphin Browser HD application before 7.6 and Dolphin for Pad application before 1.0.1 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2011-1643 | 1 Cisco | 2 Unified Communications Manager, Unified Presence Server | 2012-06-15 | 10.0 HIGH | N/A |
| Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833. | |||||
| CVE-2008-5683 | 1 Opera | 1 Opera Browser | 2012-06-07 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors. | |||||
| CVE-2011-3779 | 1 Idevspot | 1 Phphostbot | 2012-05-31 | 5.0 MEDIUM | N/A |
| PhpHostBot 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/create_acct.php and certain other files. | |||||
| CVE-2011-3772 | 1 Php-collab | 1 Phpcollab | 2012-05-31 | 5.0 MEDIUM | N/A |
| phpCollab 2.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by topics/noti_newtopic.php and certain other files. | |||||
| CVE-2011-4232 | 1 Cisco | 1 Unified Meetingplace | 2012-05-30 | 5.0 MEDIUM | N/A |
| The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces different responses for directory queries depending on whether the directory exists, which allows remote attackers to enumerate directory names via a series of queries, aka Bug ID CSCtt94070. | |||||
| CVE-2011-3781 | 1 Phpids | 1 Phpids | 2012-05-21 | 5.0 MEDIUM | N/A |
| PHPIDS 0.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/IDS/VersionTest.php and certain other files. | |||||
| CVE-2011-3780 | 1 Phpicalendar | 1 Php Icalendar | 2012-05-21 | 5.0 MEDIUM | N/A |
| PHP iCalendar 2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by rss/rss_common.php and certain other files. | |||||
| CVE-2011-3784 | 1 Phpnuke | 1 Php-nuke | 2012-05-21 | 5.0 MEDIUM | N/A |
| Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files. | |||||
| CVE-2011-3813 | 1 Vwar | 1 Virtual War | 2012-05-21 | 5.0 MEDIUM | N/A |
| Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/language/dutch.inc.php and certain other files. | |||||
| CVE-2011-3785 | 1 Phppointofsale | 1 Php Point Of Sale | 2012-05-21 | 5.0 MEDIUM | N/A |
| PHP Point Of Sale (POS) 10.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files. | |||||
| CVE-2011-3786 | 1 Phprojekt | 1 Phprojekt | 2012-05-21 | 5.0 MEDIUM | N/A |
| PHProjekt 6.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Setup/Controllers/IndexController.php. | |||||
| CVE-2011-3787 | 1 Nick Korbel | 1 Phpscheduleit | 2012-05-21 | 5.0 MEDIUM | N/A |
| phpScheduleIt 1.2.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/schedule.template.php and certain other files. | |||||
| CVE-2011-3782 | 1 Phplinkdirectory | 1 Phpld | 2012-05-21 | 5.0 MEDIUM | N/A |
| phpLD 2-151.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libs/smarty/Smarty_Compiler.class.php and certain other files. | |||||
| CVE-2011-3811 | 1 Tomatocart | 1 Tomatocart | 2012-05-21 | 5.0 MEDIUM | N/A |
| TomatoCart 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/system/offline.php and certain other files. | |||||
| CVE-2011-3818 | 1 Wordpress | 1 Wordpress | 2012-05-21 | 5.0 MEDIUM | N/A |
| WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files. | |||||
| CVE-2011-3812 | 1 Vanillaforums | 1 Vanilla | 2012-05-21 | 5.0 MEDIUM | N/A |
| Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files. | |||||
| CVE-2011-3817 | 1 Websitebaker2 | 1 Website Baker | 2012-05-21 | 5.0 MEDIUM | N/A |
| Website Baker 2.8.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/media/parameters.php and certain other files. NOTE: this might overlap CVE-2005-2436. | |||||