Total
8080 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-2748 | 1 Php | 1 Php | 2025-04-09 | 4.3 MEDIUM | N/A |
The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375. | |||||
CVE-2007-6249 | 1 Gentoo | 2 Linux, Portage | 2025-04-09 | 2.1 LOW | N/A |
etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file. | |||||
CVE-2008-1291 | 3 Gentoo, Redhat, Viewvc | 3 Linux, Fedora, Viewvc | 2025-04-09 | 4.3 MEDIUM | N/A |
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder. | |||||
CVE-2008-6961 | 1 Mozilla | 2 Seamonkey, Thunderbird | 2025-04-09 | 4.3 MEDIUM | N/A |
mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties. | |||||
CVE-2008-5828 | 1 Microsoft | 1 Windows Live Messenger | 2025-04-09 | 5.0 MEDIUM | N/A |
Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields. | |||||
CVE-2008-3010 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Media Player and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability." | |||||
CVE-2008-6981 | 1 Phpadultsite | 1 Phpadultsite Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
index.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to obtain the full installation path via an invalid results_per_page parameter, which leaks the path in an error message. NOTE: this issue might be resultant from a separate SQL injection vulnerability. | |||||
CVE-2009-4609 | 1 Mortbay | 1 Jetty | 2025-04-09 | 5.0 MEDIUM | N/A |
The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attackers to obtain sensitive information about internal variables and other data via a request to a URI ending in /dump/, as demonstrated by discovering the value of the getPathTranslated variable. | |||||
CVE-2008-2101 | 1 Vmware | 1 Esx | 2025-04-09 | 2.1 LOW | N/A |
The VMware Consolidated Backup (VCB) command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command line, which allows local users to obtain sensitive information by listing the process. | |||||
CVE-2008-2681 | 1 Realm Project | 1 Realm Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive information via a direct request to _db/compact.asp, which reveals the database path in an error message. | |||||
CVE-2007-5196 | 1 Suse | 1 Suse Linux | 2025-04-09 | 7.5 HIGH | N/A |
Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195. | |||||
CVE-2008-7069 | 1 Paul Arbogast | 1 Accms | 2025-04-09 | 7.5 HIGH | N/A |
All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat. | |||||
CVE-2008-1166 | 1 Flyspray | 1 Flyspray | 2025-04-09 | 5.0 MEDIUM | N/A |
Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames. | |||||
CVE-2008-4029 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs, aka "MSXML DTD Cross-Domain Scripting Vulnerability." | |||||
CVE-2008-3857 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | 4.6 MEDIUM | N/A |
The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection that sent the password is fully established, which might allow local users to obtain sensitive information by reading a memory dump. | |||||
CVE-2007-0011 | 1 Citrix | 1 Access Gateway | 2025-04-09 | 5.0 MEDIUM | N/A |
The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including the a referer log, browser history, or browser cache. | |||||
CVE-2007-6536 | 1 Google | 1 Toolbar | 2025-04-09 | 6.8 MEDIUM | N/A |
The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com. | |||||
CVE-2007-3650 | 1 Mywebland | 1 Mybloggie | 2025-04-09 | 5.0 MEDIUM | 5.3 MEDIUM |
myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages. | |||||
CVE-2009-4535 | 1 Valenok | 1 Mongoose | 2025-04-09 | 5.0 MEDIUM | N/A |
Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending a / (slash) character to the URI. | |||||
CVE-2009-1700 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document. |