Total
8080 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-0278 | 1 Sun | 1 Java System Application Server | 2025-04-09 | 5.0 MEDIUM | N/A |
Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request. | |||||
CVE-2007-6193 | 1 Citrix | 1 Netscaler | 2025-04-09 | 5.0 MEDIUM | N/A |
The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface. | |||||
CVE-2007-5011 | 1 Wilson Windowware | 1 Webbatch | 2025-04-09 | 5.0 MEDIUM | N/A |
webbatch.exe in WebBatch allows remote attackers to obtain sensitive information via the dumpinputdata parameter. | |||||
CVE-2008-1598 | 1 Ibm | 1 Aix | 2025-04-09 | 4.7 MEDIUM | N/A |
The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges to read arbitrary kernel memory and obtain sensitive information via unspecified vectors. | |||||
CVE-2008-4693 | 1 Ibm | 1 Db2 | 2025-04-09 | 5.0 MEDIUM | N/A |
The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES." | |||||
CVE-2007-5444 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-09 | 5.0 MEDIUM | N/A |
CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full path via a direct request for unspecified files. | |||||
CVE-2009-3457 | 1 Cisco | 2 Ace Web Application Firewall, Ace Xml Gateway | 2025-04-09 | 5.0 MEDIUM | N/A |
Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159. | |||||
CVE-2008-0297 | 1 Keil Software | 1 Photokorn | 2025-04-09 | 5.0 MEDIUM | N/A |
PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output. | |||||
CVE-2008-1135 | 1 Omegasoft | 1 Interneserviceslosungen | 2025-04-09 | 5.0 MEDIUM | N/A |
OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 generates different responses depending on whether or not a username is valid in a failed login attempt, which allows remote attackers to enumerate valid usernames. | |||||
CVE-2007-5379 | 1 David Hansson | 1 Ruby On Rails | 2025-04-09 | 5.0 MEDIUM | N/A |
Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file. | |||||
CVE-2008-0191 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 5.0 MEDIUM | N/A |
WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure. | |||||
CVE-2008-3094 | 1 Organic Groups Project | 1 Organic Groups | 2025-04-09 | 4.3 MEDIUM | N/A |
The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors. | |||||
CVE-2009-1239 | 1 Ibm | 1 Db2 | 2025-04-09 | 5.0 MEDIUM | N/A |
IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query. | |||||
CVE-2007-6283 | 4 Centos, Fedoraproject, Oracle and 1 more | 9 Centos, Fedora Core, Linux and 6 more | 2025-04-09 | 4.9 MEDIUM | N/A |
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named. | |||||
CVE-2009-1276 | 2 Gnome, Sun | 3 Gnome, Opensolaris, Solaris | 2025-04-09 | 2.1 LOW | N/A |
XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications. | |||||
CVE-2009-1296 | 1 Ubuntu | 2 73-oubuntu, Ubuntu | 2025-04-09 | 1.9 LOW | N/A |
The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root. | |||||
CVE-2008-4560 | 1 Hp | 1 Openview Network Node Manager | 2025-04-09 | 7.8 HIGH | N/A |
HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to obtain sensitive information via (1) a crafted request to the nnmRptConfig.exe CGI program, which reveals the pathname of log directories; or (2) a crafted parameter in a request to the ovlaunch.exe CGI program, which reveals configuration details. NOTE: this issue may be partially covered by CVE-2009-0205. | |||||
CVE-2007-5333 | 1 Apache | 1 Tomcat | 2025-04-09 | 5.0 MEDIUM | N/A |
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385. | |||||
CVE-2008-1292 | 3 Gentoo, Redhat, Viewvc | 3 Linux, Fedora, Viewvc | 2025-04-09 | 4.3 MEDIUM | N/A |
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters. | |||||
CVE-2007-6514 | 2 Apache, Linux | 2 Http Server, Linux Kernel | 2025-04-09 | 4.3 MEDIUM | N/A |
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive. |