Total: 8384 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1014 | 1 Apple | 1 Quicktime | 2025-04-09 | 4.3 MEDIUM | N/A |
| Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2008-2432 | 1 Novell | 1 Iprint | 2025-04-09 | 5.0 MEDIUM | N/A |
| Insecure method vulnerability in the GetFileList method in an unspecified ActiveX control in Novell iPrint Client before 5.06 allows remote attackers to list the image files in an arbitrary directory via a directory name in the argument. | |||||
| CVE-2008-1155 | 1 Cisco | 1 Network Admission Control | 2025-04-09 | 10.0 HIGH | N/A |
| Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before 3.6.4.4, 4.0.x before 4.0.6, and 4.1.x before 4.1.2 allows remote attackers to obtain the shared secret for the Clean Access Server (CAS) and Clean Access Manager (CAM) by sniffing error logs. | |||||
| CVE-2008-5322 | 1 Easy-script | 1 Wysi Wiki Wyg | 2025-04-09 | 7.8 HIGH | N/A |
| Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information via an invalid categup parameter to index.php, which calls the phpinfo function. | |||||
| CVE-2007-6417 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.2 HIGH | N/A |
| The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash). | |||||
| CVE-2007-5654 | 1 Litespeed Technologies | 1 Litespeed Web Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection." | |||||
| CVE-2007-6476 | 1 Gf 3xplorer | 1 Gf 3xplorer | 2025-04-09 | 5.0 MEDIUM | N/A |
| GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2008-3901 | 2 Linux, Suspend2 | 2 Linux Kernel, Software Suspend 2 | 2025-04-09 | 2.1 LOW | N/A |
| Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||||
| CVE-2007-3850 | 2 Apple, Linux | 2 Powerpc, Linux Kernel | 2025-04-09 | 1.9 LOW | N/A |
| The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on PowerPC, does not properly map userspace resources, which allows local users to read portions of physical address space. | |||||
| CVE-2007-3756 | 2 Apple, Microsoft | 5 Iphone Os, Mac Os X, Safari and 2 more | 2025-04-09 | 4.3 MEDIUM | N/A |
| Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain. | |||||
| CVE-2007-5201 | 1 Duplicity Project | 1 Duplicity | 2025-04-09 | 4.6 MEDIUM | N/A |
| The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments. | |||||
| CVE-2008-0395 | 1 Kayako | 1 Supportsuite | 2025-04-09 | 5.0 MEDIUM | N/A |
| Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal. | |||||
| CVE-2009-0678 | 1 Ravenphpscripts | 1 Ravennuke | 2025-04-09 | 5.0 MEDIUM | N/A |
| images/captcha.php in RavenNuke 2.30 allows remote attackers to obtain sensitive information via an aFonts array parameter value that does not correspond to a valid font file, which reveals the installation path in an error message. | |||||
| CVE-2008-6521 | 1 Devraj Mukherjee | 1 Openterracotta | 2025-04-09 | 7.8 HIGH | N/A |
| index.php in Terracotta (aka OpenTerracotta) 0.6.1 allows remote attackers to obtain sensitive information via an invalid File parameter, which reveals the installation path in an error message. | |||||
| CVE-2009-1706 | 1 Apple | 1 Safari | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie. | |||||
| CVE-2008-3339 | 1 Avidweb Technologies | 1 Jobbex Jobsite | 2025-04-09 | 6.8 MEDIUM | N/A |
| search_result.cfm in Jobbex JobSite allows remote attackers to obtain sensitive information via unspecified vectors that reveal the installation path in an error message. | |||||
| CVE-2009-0437 | 2 Ibm, Microsoft | 2 Websphere Application Server, Windows | 2025-04-09 | 1.9 LOW | N/A |
| The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file. | |||||
| CVE-2008-3899 | 1 Truecrypt Foundation | 1 Truecrypt | 2025-04-09 | 2.1 LOW | N/A |
| TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. NOTE: the researcher mentions a response from the vendor denying the vulnerability. | |||||
| CVE-2009-4530 | 1 Sergey Lyubka | 1 Mongoose | 2025-04-09 | 5.0 MEDIUM | N/A |
| Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI. | |||||
| CVE-2008-5342 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668. | |||||
