Total
8276 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-5112 | 1 Iwork | 1 Webglimpse | 2025-04-11 | 5.0 MEDIUM | N/A |
| wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to obtain the installation path via a crafted request. | |||||
| CVE-2013-4043 | 1 Ibm | 1 Spss Collaboration And Deployment Services | 2025-04-11 | 5.0 MEDIUM | N/A |
| The server in IBM SPSS Collaboration and Deployment Services 4.x before 4.2.1.3 IF3, 5.x before 5.0 FP3, and 6.x before 6.0 IF1 allows remote attackers to read arbitrary files via an unspecified HTTP request. | |||||
| CVE-2011-0736 | 1 Adobe | 1 Coldfusion | 2025-04-11 | 4.3 MEDIUM | 5.3 MEDIUM |
| Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to use a DBMS, allows remote attackers to obtain potentially sensitive information about the database structure via an id=- query to a .cfm file. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure | |||||
| CVE-2012-5554 | 2 Coleman Watts, Drupal | 2 Webform Civicrm, Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
| The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading webforms. | |||||
| CVE-2011-1498 | 1 Apache | 1 Httpclient | 2025-04-11 | 4.3 MEDIUM | N/A |
| Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header. | |||||
| CVE-2011-3694 | 1 Netsaro | 1 Enterprise Messenger Server | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Server Administration Console in NetSaro Enterprise Messenger Server 2.0 allows remote attackers to read application source code by appending a %00 character to a URL. | |||||
| CVE-2012-0731 | 1 Ibm | 1 Rational Appscan | 2025-04-11 | 6.8 MEDIUM | N/A |
| IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2012-5657 | 1 Zend | 1 Zend Framework | 2025-04-11 | 5.0 MEDIUM | N/A |
| The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. | |||||
| CVE-2012-1348 | 1 Cisco | 1 Wide Area Application Services | 2025-04-11 | 5.0 MEDIUM | N/A |
| Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive information via a brute-force attack on the hash string, aka Bug ID CSCty17279. | |||||
| CVE-2010-4073 | 4 Debian, Linux, Opensuse and 1 more | 7 Debian Linux, Linux Kernel, Opensuse and 4 more | 2025-04-11 | 1.9 LOW | N/A |
| The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c. | |||||
| CVE-2011-4360 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2025-04-11 | 5.0 MEDIUM | N/A |
| MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter. | |||||
| CVE-2013-6953 | 1 Dotnetblogengine | 1 Blogengine.net | 2025-04-11 | 5.0 MEDIUM | N/A |
| BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file. | |||||
| CVE-2013-5991 | 1 Lockon | 1 Ec-cube | 2025-04-11 | 4.3 MEDIUM | N/A |
| The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log output. | |||||
| CVE-2011-2983 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free. | |||||
| CVE-2013-0677 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-11 | 5.8 MEDIUM | N/A |
| The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file. | |||||
| CVE-2013-1216 | 1 Cisco | 1 Ios Xr | 2025-04-11 | 4.0 MEDIUM | N/A |
| Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546. | |||||
| CVE-2012-3034 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-11 | 4.3 MEDIUM | N/A |
| WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified methods in ActiveX controls. | |||||
| CVE-2013-3235 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.9 MEDIUM | N/A |
| net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. | |||||
| CVE-2013-7130 | 1 Openstack | 4 Compute, Grizzly, Havana and 1 more | 2025-04-11 | 7.1 HIGH | N/A |
| The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage. | |||||
| CVE-2013-2006 | 1 Openstack | 1 Keystone | 2025-04-11 | 2.1 LOW | N/A |
| OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file. | |||||