Total
8076 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1289 | 1 Ibm | 2 Advanced Management Module, Bladecenter | 2025-04-09 | 4.0 MEDIUM | N/A |
| private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter. | |||||
| CVE-2009-3554 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-09 | 2.1 LOW | N/A |
| Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2007-6043 | 1 Microsoft | 1 Windows 2000 | 2025-04-09 | 7.1 HIGH | N/A |
| The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898. | |||||
| CVE-2009-1494 | 1 Memcachedb | 1 Memcached | 2025-04-09 | 5.0 MEDIUM | N/A |
| The process_stat function in Memcached 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port. | |||||
| CVE-2008-2721 | 1 Menalto | 1 Gallery | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the album-select module in Menalto Gallery before 2.2.5 allows remote attackers to obtain titles of hidden albums by attempting to add a new album to a hidden album. | |||||
| CVE-2007-0979 | 1 Lifetype | 1 Lifetype | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before 1.2-beta2, allows remote attackers to obtain sensitive information (file contents) via a "crafted URL." | |||||
| CVE-2008-4688 | 1 Mantis | 1 Mantis | 2025-04-09 | 5.0 MEDIUM | N/A |
| core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number. | |||||
| CVE-2008-1680 | 1 Future Nuke | 1 Php-nuke Platinum | 2025-04-09 | 5.0 MEDIUM | N/A |
| PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain configuration information via a direct request to maintenance/index.php, which reveals settings such as magic_quotes_gpc. | |||||
| CVE-2009-3628 | 1 Typo3 | 1 Typo3 | 2025-04-09 | 4.0 MEDIUM | N/A |
| The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element. | |||||
| CVE-2008-0598 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the 32-bit and 64-bit emulation in the Linux kernel 2.6.9, 2.6.18, and probably other versions allows local users to read uninitialized memory via unknown vectors involving a crafted binary. | |||||
| CVE-2009-4531 | 1 Jasper | 1 Httpdx | 2025-04-09 | 5.0 MEDIUM | N/A |
| httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI. | |||||
| CVE-2008-5519 | 1 Apache | 2 Mod Jk, Tomcat | 2025-04-09 | 2.6 LOW | N/A |
| The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers. | |||||
| CVE-2008-4164 | 1 Memht | 1 Memht Portal | 2025-04-09 | 2.6 LOW | N/A |
| cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | |||||
| CVE-2007-2353 | 1 Apache | 1 Axis | 2025-04-09 | 5.0 MEDIUM | N/A |
| Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message. | |||||
| CVE-2007-6150 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 2.1 LOW | N/A |
| The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values. | |||||
| CVE-2009-1769 | 1 Ocsinventory-ng | 1 Ocs Inventory Ng | 2025-04-09 | 5.0 MEDIUM | N/A |
| The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2008-2318 | 1 Apple | 2 Xcode, Xcode Tools | 2025-04-09 | 5.0 MEDIUM | N/A |
| The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs. | |||||
| CVE-2009-3756 | 1 Kreotek | 1 Phpbms | 2025-04-09 | 5.0 MEDIUM | N/A |
| phpBMS 0.96 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) the show action in advancedsearch.php, and (4) choicelist.php, which reveals the installation path in an error message. | |||||
| CVE-2009-3600 | 1 Freewebscriptz | 1 Hubscript | 2025-04-09 | 5.0 MEDIUM | N/A |
| HUBScript 1.0 allows remote attackers to obtain configuration information via a direct request to manage/phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2008-0736 | 1 Shoppingtree | 1 Candypress Store | 2025-04-09 | 5.0 MEDIUM | N/A |
| admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly other 4.x and 3.x versions, allows remote attackers to obtain the path via a certain value of the FedExAccount parameter. | |||||