Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2674 | 1 E-catchup | 1 Basercms | 2012-05-22 | 4.9 MEDIUM | N/A |
| BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors. | |||||
| CVE-2012-2342 | 2012-05-21 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5097. Reason: This candidate is a duplicate of CVE-2010-5097. Notes: All CVE users should reference CVE-2010-5097 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2012-2343 | 2012-05-21 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5098. Reason: This candidate is a duplicate of CVE-2010-5098. Notes: All CVE users should reference CVE-2010-5098 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2012-2344 | 2012-05-21 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5099. Reason: This candidate is a duplicate of CVE-2010-5099. Notes: All CVE users should reference CVE-2010-5099 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2012-2345 | 2012-05-21 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5100. Reason: This candidate is a duplicate of CVE-2010-5100. Notes: All CVE users should reference CVE-2010-5100 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2012-2346 | 2012-05-21 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5101. Reason: This candidate is a duplicate of CVE-2010-5101. Notes: All CVE users should reference CVE-2010-5101 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2012-2347 | 2012-05-21 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5102. Reason: This candidate is a duplicate of CVE-2010-5102. Notes: All CVE users should reference CVE-2010-5102 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2012-2348 | 2012-05-21 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5103. Reason: This candidate is a duplicate of CVE-2010-5103. Notes: All CVE users should reference CVE-2010-5103 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2012-2349 | 2012-05-21 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5104. Reason: This candidate is a reservation duplicate of CVE-2010-5104. Notes: All CVE users should reference CVE-2010-5104 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2012-2120 | 1 Debian | 1 Texlive-extra-utils | 2012-05-21 | 3.3 LOW | N/A |
| latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T option, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2010-4842 | 1 Mhproducts | 1 Download Center | 2012-05-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/login.php in MHP DownloadScript (aka MH Products Download Center) 2.2 allows remote attackers to execute arbitrary SQL commands via the Name parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-3684 | 1 Tembria | 1 Server Monitor | 2012-05-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to logbook.asp, (2) the siteid parameter to monitor-events.asp, (3) the siteid parameter to reports-config-by-device.asp, (4) the siteid parameter to reports-config-by-monitor.asp, (5) the siteid parameter to reports-monitoring-queue.asp, (6) the action parameter to site-list.asp, the (7) siteid or (8) type parameter to event-history.asp, the (9) siteid or (10) type parameter to admin-history.asp, the (11) siteid or (12) id parameter to dashboard-view.asp, the (13) siteid or (14) dn parameter to device-events.asp, the (15) siteid or (16) submit parameter to device-finder.asp, the (17) siteid or (18) dn parameter to device-monitors.asp, the (19) siteid or (20) type parameter to device-views.asp, the (21) siteid or (22) type parameter to monitor-views.asp, the (23) siteid or (24) sel parameter to reports-list.asp, the (25) siteid, (26) action, or (27) sel parameter to monitor-list.asp, or the (28) siteid, (29) action, or (30) sel parameter to device-list.asp. | |||||
| CVE-2011-3685 | 1 Tembria | 1 Server Monitor | 2012-05-21 | 1.9 LOW | N/A |
| Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cipher to encrypt application credentials, which allows local users to obtain sensitive information by leveraging read access to (1) authentication.dat or (2) XML files in the Exports directory. | |||||
| CVE-2011-3686 | 1 Sonexis | 1 Conferencemanager | 2012-05-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, (3) email_edit, (4) email, (5) email2, (6) email3, (7) sms, (8) sms_id, or (9) work parameter. | |||||
| CVE-2011-3689 | 1 Wibu | 1 Codemeter Webadmin | 2012-05-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Licenses.html in Wibu-Systems CodeMeter WebAdmin 3.30 and 4.30 allows remote attackers to inject arbitrary web script or HTML via the BoxSerial parameter. | |||||
| CVE-2011-3692 | 1 Netsaro | 1 Enterprise Messenger Server | 2012-05-21 | 1.9 LOW | N/A |
| NetSaro Enterprise Messenger Server 2.0 stores cleartext console credentials in configuration.xml, which allows local users to obtain sensitive information by reading this file and performing a base64 decoding step. | |||||
| CVE-2011-3693 | 1 Netsaro | 1 Enterprise Messenger Server | 2012-05-21 | 1.9 LOW | N/A |
| NetSaro Enterprise Messenger Server 2.0 allows local users to discover cleartext server credentials by reading the NetSaro.fdb file. | |||||
| CVE-2011-3694 | 1 Netsaro | 1 Enterprise Messenger Server | 2012-05-21 | 5.0 MEDIUM | N/A |
| The Server Administration Console in NetSaro Enterprise Messenger Server 2.0 allows remote attackers to read application source code by appending a %00 character to a URL. | |||||
| CVE-2011-3780 | 1 Phpicalendar | 1 Php Icalendar | 2012-05-21 | 5.0 MEDIUM | N/A |
| PHP iCalendar 2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by rss/rss_common.php and certain other files. | |||||
| CVE-2011-3781 | 1 Phpids | 1 Phpids | 2012-05-21 | 5.0 MEDIUM | N/A |
| PHPIDS 0.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/IDS/VersionTest.php and certain other files. | |||||
| CVE-2011-3782 | 1 Phplinkdirectory | 1 Phpld | 2012-05-21 | 5.0 MEDIUM | N/A |
| phpLD 2-151.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libs/smarty/Smarty_Compiler.class.php and certain other files. | |||||
| CVE-2011-3783 | 1 Phpmyfaq | 1 Phpmyfaq | 2012-05-21 | 5.0 MEDIUM | N/A |
| phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files. | |||||
| CVE-2011-3784 | 1 Phpnuke | 1 Php-nuke | 2012-05-21 | 5.0 MEDIUM | N/A |
| Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files. | |||||
| CVE-2011-3785 | 1 Phppointofsale | 1 Php Point Of Sale | 2012-05-21 | 5.0 MEDIUM | N/A |
| PHP Point Of Sale (POS) 10.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files. | |||||
| CVE-2011-3786 | 1 Phprojekt | 1 Phprojekt | 2012-05-21 | 5.0 MEDIUM | N/A |
| PHProjekt 6.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Setup/Controllers/IndexController.php. | |||||
| CVE-2011-3787 | 1 Nick Korbel | 1 Phpscheduleit | 2012-05-21 | 5.0 MEDIUM | N/A |
| phpScheduleIt 1.2.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/schedule.template.php and certain other files. | |||||
| CVE-2011-3788 | 1 Phpsec | 1 Phpsecinfo | 2012-05-21 | 5.0 MEDIUM | N/A |
| PhpSecInfo 0.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Test/Test_Suhosin.php and certain other files. | |||||
| CVE-2011-3789 | 1 Phpwcms | 1 Phpwcms | 2012-05-21 | 5.0 MEDIUM | N/A |
| phpwcms 1.4.7 r412 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by template/inc_script/frontend_render/disabled/majonavi.php and certain other files. | |||||
| CVE-2011-3790 | 1 Piwigo | 1 Piwigo | 2012-05-21 | 5.0 MEDIUM | N/A |
| Piwigo 2.1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/metadata.php and certain other files. | |||||
| CVE-2011-3792 | 1 Pixelpost | 1 Pixelpost | 2012-05-21 | 5.0 MEDIUM | N/A |
| Pixelpost 1.7.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/functions_feeds.php and certain other files. | |||||
| CVE-2011-3794 | 1 Pligg | 1 Pligg Cms | 2012-05-21 | 5.0 MEDIUM | N/A |
| Pligg CMS 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/statistics/init.php and certain other files. | |||||
| CVE-2011-3795 | 1 Betella | 1 Podcast Generator | 2012-05-21 | 5.0 MEDIUM | N/A |
| Podcast Generator 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/themes.php and certain other files. | |||||
| CVE-2011-3796 | 1 Prestashop | 1 Prestashop | 2012-05-21 | 5.0 MEDIUM | N/A |
| PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by product-sort.php and certain other files. | |||||
| CVE-2011-3797 | 1 Projectpier | 1 Projectpier | 2012-05-21 | 5.0 MEDIUM | N/A |
| ProjectPier 0.8.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files. | |||||
| CVE-2011-3799 | 1 Elazos | 1 Reos | 2012-05-21 | 5.0 MEDIUM | N/A |
| ReOS 2.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by padmin/blocks/vergal.php and certain other files. | |||||
| CVE-2011-3800 | 1 S9y | 1 Serendipity | 2012-05-21 | 5.0 MEDIUM | N/A |
| Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files. | |||||
| CVE-2011-3801 | 1 Simpletest | 1 Simpletest | 2012-05-21 | 5.0 MEDIUM | N/A |
| SimpleTest 1.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test/visual_test.php and certain other files. | |||||
| CVE-2011-3802 | 1 Status | 1 Statusnet | 2012-05-21 | 5.0 MEDIUM | N/A |
| StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php and certain other files. | |||||
| CVE-2011-3803 | 1 Sugarcrm | 1 Sugarcrm | 2012-05-21 | 5.0 MEDIUM | N/A |
| SugarCRM 6.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files. | |||||
| CVE-2011-3804 | 1 Basic-cms | 1 Sweetrice | 2012-05-21 | 5.0 MEDIUM | N/A |
| SweetRice 0.7.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by _plugin/tiny_mce/plugins/advimage/images.php. | |||||
| CVE-2011-3805 | 1 Taskfreak | 1 Taskfreak\! Multi-mysql | 2012-05-21 | 5.0 MEDIUM | N/A |
| TaskFreak! multi-mysql-0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/language/zh/register_info.php and certain other files. | |||||
| CVE-2011-3806 | 1 Tecnick | 1 Tcexam | 2012-05-21 | 5.0 MEDIUM | N/A |
| TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php and certain other files. | |||||
| CVE-2011-3807 | 1 Textpattern | 1 Textpattern | 2012-05-21 | 5.0 MEDIUM | N/A |
| Textpattern 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/txplib_db.php and certain other files. | |||||
| CVE-2011-3808 | 1 Thebuggenie | 1 The Bug Genie | 2012-05-21 | 5.0 MEDIUM | N/A |
| The Bug Genie 2.1.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/svn_integration/config.inc.php and certain other files. | |||||
| CVE-2011-3809 | 1 Thehostingtool | 1 Thehostingtool | 2012-05-21 | 5.0 MEDIUM | N/A |
| TheHostingTool (THT) 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/pear/Mail/smtp.php and certain other files. | |||||
| CVE-2011-3810 | 1 Tinywebgallery | 1 Tinywebgallery | 2012-05-21 | 5.0 MEDIUM | N/A |
| TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by i_frames/i_register.php. | |||||
| CVE-2011-3811 | 1 Tomatocart | 1 Tomatocart | 2012-05-21 | 5.0 MEDIUM | N/A |
| TomatoCart 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/system/offline.php and certain other files. | |||||
| CVE-2011-3812 | 1 Vanillaforums | 1 Vanilla | 2012-05-21 | 5.0 MEDIUM | N/A |
| Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files. | |||||
| CVE-2011-3813 | 1 Vwar | 1 Virtual War | 2012-05-21 | 5.0 MEDIUM | N/A |
| Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/language/dutch.inc.php and certain other files. | |||||
| CVE-2011-3815 | 1 Webidsupport | 1 Webid | 2012-05-21 | 5.0 MEDIUM | N/A |
| WeBid 1.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by js/calendar.php and certain other files. | |||||