Total: 8171 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3380 | 1 Cisco | 1 Secure Access Control Server Solution Engine | 2025-04-11 | 4.0 MEDIUM | N/A |
| The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279. | |||||
| CVE-2013-5440 | 1 Ibm | 1 Infosphere Information Server | 2025-04-11 | 2.1 LOW | N/A |
| IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic circumstances by leveraging the presence of file content after a failed installation. | |||||
| CVE-2013-1643 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
| The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824. | |||||
| CVE-2011-3766 | 1 Orangehrm | 1 Orangehrm | 2025-04-11 | 5.0 MEDIUM | N/A |
| OrangeHRM 2.6.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/orange/menu/Menu.php and certain other files. | |||||
| CVE-2013-4515 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.9 MEDIUM | N/A |
| The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. | |||||
| CVE-2013-4775 | 1 Netgear | 11 Prosafe Firmware, Prosafe Gs510tp, Prosafe Gs724t and 8 more | 2025-04-11 | 7.8 HIGH | N/A |
| NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config. | |||||
| CVE-2012-4591 | 1 Mcafee | 1 Enterprise Mobility Manager | 2025-04-11 | 5.0 MEDIUM | N/A |
| About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 discloses the name of the user account for an IIS worker process, which allows remote attackers to obtain potentially sensitive information by visiting this page. | |||||
| CVE-2012-6113 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
| The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data. | |||||
| CVE-2012-5544 | 2 Drupal, Thinkshout | 2 Drupal, Mandrill | 2025-04-11 | 4.0 MEDIUM | N/A |
| The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard. | |||||
| CVE-2011-1074 | 1 Freebsd | 1 Freebsd | 2025-04-11 | 1.9 LOW | N/A |
| crontab.c in crontab in FreeBSD allows local users to determine the existence of arbitrary directories via a command-line argument composed of a directory name concatenated with a directory traversal sequence that leads to the /etc/crontab pathname. | |||||
| CVE-2012-2296 | 2 Drupal, Janrain | 2 Drupal, Rpx | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x, 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability. | |||||
| CVE-2011-3812 | 1 Vanillaforums | 1 Vanilla | 2025-04-11 | 5.0 MEDIUM | N/A |
| Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files. | |||||
| CVE-2011-3775 | 1 Litoweb | 1 Phpfilenavigator | 2025-04-11 | 5.0 MEDIUM | N/A |
| PHPfileNavigator 2.3.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xestion/varios/logs.inc.php and certain other files. | |||||
| CVE-2011-3769 | 1 Blondish | 1 Phpads | 2025-04-11 | 5.0 MEDIUM | N/A |
| PHPads 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by ads.inc.php. | |||||
| CVE-2014-0806 | 1 Fenrir-inc | 1 Sleipnir Mobile | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Sleipnir Mobile application 2.12.1 and earlier and Sleipnir Mobile Black Edition application 2.12.1 and earlier for Android provide Geolocation API data without verifying user consent, which allows remote attackers to obtain sensitive location information via a web site that makes API calls. | |||||
| CVE-2013-1944 | 2 Canonical, Haxx | 3 Ubuntu Linux, Curl, Libcurl | 2025-04-11 | 5.0 MEDIUM | N/A |
| The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. | |||||
| CVE-2012-0959 | 1 Remote Login Service Hackers | 1 Remote Login Service | 2025-04-11 | 2.1 LOW | N/A |
| Remote Login Service (RLS) 1.0.0 does not properly clear account information when switching users, which might allow physically proximate users to obtain login credentials. | |||||
| CVE-2010-4822 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | 4.3 MEDIUM | N/A |
| core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in "live mode," allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters. | |||||
| CVE-2013-6868 | 1 Sybase | 1 Adaptive Server Enterprise | 2025-04-11 | 7.8 HIGH | N/A |
| SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2011-3804 | 1 Basic-cms | 1 Sweetrice | 2025-04-11 | 5.0 MEDIUM | N/A |
| SweetRice 0.7.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by _plugin/tiny_mce/plugins/advimage/images.php. | |||||
