Search
Total
7597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6660 | 1 2z Project | 1 2z Project | 2018-10-15 | 5.0 MEDIUM | N/A |
| 2z project 0.9.6.1 allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid template or (2) a request to the default URI with certain year and month parameters, which reveals the path in various error messages. | |||||
| CVE-2007-6502 | 1 Hosting Controller | 1 Hosting Controller | 2018-10-15 | 5.5 MEDIUM | N/A |
| Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using Microsoft.XMLHTTP or MSXML2.XMLHTTP objects, which trigger a response with the setup directory pathname in the HTML source; and (3) might allow remote attackers to obtain sensitive information via a request for /admin/forum/, which reveals the path in an error message when a forum is not found. | |||||
| CVE-2007-6514 | 2 Apache, Linux | 2 Http Server, Linux Kernel | 2018-10-15 | 4.3 MEDIUM | N/A |
| Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive. | |||||
| CVE-2007-6524 | 1 Opera | 1 Opera Browser | 2018-10-15 | 7.8 HIGH | N/A |
| Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420. | |||||
| CVE-2007-6512 | 1 Php | 1 Mysql Banner Exchange | 2018-10-15 | 5.0 MEDIUM | N/A |
| PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc. | |||||
| CVE-2007-6408 | 1 Ibm | 1 Tivoli Provisioning Manager Express | 2018-10-15 | 5.0 MEDIUM | N/A |
| IBM Tivoli Provisioning Manager Express provides unspecified information in error messages when (1) attempted duplication of a username occurs when creating an account or (2) when trying to login using a valid username, which makes it easier for remote attackers to enumerate usernames. | |||||
| CVE-2007-6405 | 1 Shttpd | 1 Shttpd | 2018-10-15 | 6.4 MEDIUM | N/A |
| Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407. | |||||
| CVE-2007-6193 | 1 Citrix | 1 Netscaler | 2018-10-15 | 5.0 MEDIUM | N/A |
| The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface. | |||||
| CVE-2007-6197 | 1 Bea | 1 Aqualogic Interaction | 2018-10-15 | 5.0 MEDIUM | N/A |
| The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page. | |||||
| CVE-2007-6161 | 1 Tilde | 1 Tilde Cms | 2018-10-15 | 5.0 MEDIUM | N/A |
| index.php in Tilde CMS 4.x and earlier allows remote attackers to obtain sensitive information via a certain search parameter value in a search action, which reveals the path. | |||||
| CVE-2007-5958 | 1 X.org | 1 Xserver | 2018-10-15 | 5.0 MEDIUM | N/A |
| X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists. | |||||
| CVE-2007-5922 | 2 Bitchx, Cypress | 2 Bitchx, Cypress | 2018-10-15 | 5.0 MEDIUM | N/A |
| The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed address. | |||||
| CVE-2007-5778 | 1 Mobile-spy | 1 Mobile-spy | 2018-10-15 | 6.4 MEDIUM | N/A |
| Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network. | |||||
| CVE-2007-5899 | 1 Php | 1 Php | 2018-10-15 | 4.3 MEDIUM | N/A |
| The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID. | |||||
| CVE-2007-5637 | 1 Nortel | 26 Business Communications Manager, Centrex Ip Client Manager, Centrex Ip Element Manager and 23 more | 2018-10-15 | 4.3 MEDIUM | N/A |
| The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines allow remote attackers to eavesdrop on the physical environment via an Open Audio Stream message that enables "surveillance mode." NOTE: issues relating to a small ID number space can be leveraged to make this attack easier. | |||||
| CVE-2007-5638 | 1 Nortel | 26 Business Communications Manager, Centrex Ip Client Manager, Centrex Ip Element Manager and 23 more | 2018-10-15 | 4.3 MEDIUM | N/A |
| The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines, use only 65536 different values in the 32-bit ID number field of an RUDP datagram, which makes it easier for remote attackers to guess the RUDP ID and spoof messages. NOTE: this can be leveraged for an eavesdropping attack by sending many Open Audio Stream messages. | |||||
| CVE-2007-5432 | 1 Scottmanktelow | 1 Stride Cms | 2018-10-15 | 7.5 HIGH | N/A |
| Stride 1.0 has a default administrator username of "scott" with the password "running", which allows remote attackers to obtain administrative access through login.php. | |||||
| CVE-2007-5413 | 1 Hp | 2 Openview Client Configuraton Manager, Openview Configuration Management | 2018-10-15 | 7.8 HIGH | N/A |
| httpd.tkd in Radia Integration Server in Hewlett-Packard (HP) OpenView Configuration Management (CM) Infrastructure 4.0 through 4.2i and Client Configuration Manager (CCM) 2.0 allows remote attackers to read arbitrary files via URLs containing tilde (~) references to home directories, as demonstrated by ~root. | |||||
| CVE-2007-5444 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-10-15 | 5.0 MEDIUM | N/A |
| CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full path via a direct request for unspecified files. | |||||
| CVE-2007-5420 | 1 3com | 1 3crwe554g72t | 2018-10-15 | 2.6 LOW | N/A |
| The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers to obtain information about the router's existence and product details. | |||||
| CVE-2007-5431 | 2 Javaatwork, Scottmanktelow | 2 Myftpuploader Module, Stride | 2018-10-15 | 7.8 HIGH | N/A |
| include/imageupload.js in the MyFTPUploader module in Stride 1.0 contains sensitive information including FTP login credentials, which might allow remote attackers to gain unauthorized access to the FTP server being used by the module by viewing the source code. | |||||
| CVE-2007-5337 | 3 Gnome, Linux, Mozilla | 4 Gnome-vfs, Linux Kernel, Firefox and 1 more | 2018-10-15 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server. | |||||
| CVE-2007-5264 | 1 Battlefront | 1 Dropteam | 2018-10-15 | 5.0 MEDIUM | N/A |
| Battlefront Dropteam 1.3.3 and earlier sends the client's online account name and password to the game server, which allows malicious game servers to steal account information. | |||||
| CVE-2007-5034 | 1 Elinks | 1 Elinks | 2018-10-15 | 4.3 MEDIUM | N/A |
| ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https. | |||||
| CVE-2007-5129 | 1 Boesch-it | 1 Simpgb | 2018-10-15 | 5.0 MEDIUM | N/A |
| SimpGB 1.46.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain sensitive configuration information via a direct request for admin/cfginfo.php; and (2) download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc. | |||||
| CVE-2007-4861 | 1 Quirm | 1 Saxon | 2018-10-15 | 5.0 MEDIUM | N/A |
| SAXON 5.4, with display_errors enabled, allows remote attackers to obtain sensitive information via (1) a direct request for news.php, (2) an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in (3) admin/, (4) rss/, and (5) the root directory of the installation, which reveal the path in various error messages. | |||||
| CVE-2007-3656 | 1 Mozilla | 1 Firefox | 2018-10-15 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs. | |||||
| CVE-2018-15534 | 1 Geutebrueck | 2 Re Porter 16, Re Porter 16 Firmware | 2018-10-15 | 5.0 MEDIUM | 9.8 CRITICAL |
| Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of unauthenticated access to sensitive information including usernames and hashes via a direct request for /statistics/gscsetup.xml on TCP port 12003. | |||||
| CVE-2018-8396 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2018-10-15 | 1.9 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8394, CVE-2018-8398. | |||||
| CVE-2018-14023 | 1 Signal | 1 Signal-desktop | 2018-10-15 | 2.1 LOW | 4.0 MEDIUM |
| Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage. | |||||
| CVE-2016-7258 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2018-10-12 | 2.1 LOW | 5.5 MEDIUM |
| The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 mishandles page-fault system calls, which allows local users to obtain sensitive information from arbitrary processes via a crafted application, aka "Windows Kernel Memory Address Information Disclosure Vulnerability." | |||||
| CVE-2016-7278 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 2.6 LOW | 5.3 MEDIUM |
| Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Hyperlink Object Library Information Disclosure Vulnerability." | |||||
| CVE-2016-7219 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2018-10-12 | 2.1 LOW | 5.5 MEDIUM |
| The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Crypto Driver Information Disclosure Vulnerability." | |||||
| CVE-2016-7220 | 1 Microsoft | 1 Windows 10 | 2018-10-12 | 2.1 LOW | 3.3 LOW |
| Virtual Secure Mode in Microsoft Windows 10 allows local users to obtain sensitive information via a crafted application, aka "Virtual Secure Mode Information Disclosure Vulnerability." | |||||
| CVE-2016-7257 | 1 Microsoft | 4 Office For Mac, Windows 7, Windows Server 2008 and 1 more | 2018-10-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability." | |||||
| CVE-2016-7199 | 1 Microsoft | 2 Edge, Internet Explorer | 2018-10-12 | 2.6 LOW | 3.1 LOW |
| Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | |||||
| CVE-2016-7227 | 1 Microsoft | 2 Edge, Internet Explorer | 2018-10-12 | 2.6 LOW | 3.1 LOW |
| The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability." | |||||
| CVE-2016-7252 | 1 Microsoft | 1 Sql Server | 2018-10-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Analysis Services Information Disclosure Vulnerability." | |||||
| CVE-2016-7204 | 1 Microsoft | 1 Edge | 2018-10-12 | 2.6 LOW | 3.1 LOW |
| Microsoft Edge allows remote attackers to access arbitrary "My Documents" files via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." | |||||
| CVE-2016-7233 | 1 Microsoft | 9 Excel For Mac, Office, Office Compatibility Pack and 6 more | 2018-10-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." | |||||
| CVE-2016-7210 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2018-10-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| atmfd.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted Open Type font on a web site, aka "Open Type Font Information Disclosure Vulnerability." | |||||
| CVE-2016-7284 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2016-7239 | 1 Microsoft | 2 Edge, Internet Explorer | 2018-10-12 | 2.6 LOW | 3.1 LOW |
| The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability." | |||||
| CVE-2016-7216 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2018-10-12 | 2.1 LOW | 5.5 MEDIUM |
| The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability." | |||||
| CVE-2016-7214 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2018-10-12 | 2.1 LOW | 3.3 LOW |
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to bypass the ASLR protection mechanism via a crafted application, aka "Win32k Information Disclosure Vulnerability." | |||||
| CVE-2016-7218 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2018-10-12 | 1.9 LOW | 4.7 MEDIUM |
| Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Bowser.sys Information Disclosure Vulnerability." | |||||
| CVE-2016-4232 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2018-10-12 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information from process memory via unspecified vectors. | |||||
| CVE-2016-4178 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2018-10-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-3321 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 1.9 LOW | 2.5 LOW |
| Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2016-3273 | 1 Microsoft | 2 Edge, Internet Explorer | 2018-10-12 | 2.6 LOW | 5.3 MEDIUM |
| The XSS Filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge does not properly restrict JavaScript code, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | |||||