Total
8253 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1223 | 1 Rabidhamster | 1 R2\/extreme | 2025-04-11 | 5.0 MEDIUM | N/A |
| RabidHamster R2/Extreme 1.65 and earlier uses a small search space of values for the PIN number, which allows remote attackers to obtain the PIN number via a brute force attack. | |||||
| CVE-2014-1637 | 1 Doug Poulin | 1 Command School Student Management System | 2025-04-11 | 5.0 MEDIUM | N/A |
| Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/backup_ray2.php, which allows remote attackers to download a database backup via a direct request. | |||||
| CVE-2013-2273 | 1 Bitcoin | 3 Bitcoin-qt, Bitcoin Core, Bitcoind | 2025-04-11 | 5.0 MEDIUM | N/A |
| bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain potentially sensitive information about returned change by leveraging certain predictability in the outputs of a Bitcoin transaction. | |||||
| CVE-2011-3766 | 1 Orangehrm | 1 Orangehrm | 2025-04-11 | 5.0 MEDIUM | N/A |
| OrangeHRM 2.6.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/orange/menu/Menu.php and certain other files. | |||||
| CVE-2012-5624 | 3 Canonical, Digia, Qt | 3 Ubuntu Linux, Qt, Qt | 2025-04-11 | 4.3 MEDIUM | N/A |
| The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application. | |||||
| CVE-2011-3783 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-11 | 5.0 MEDIUM | N/A |
| phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files. | |||||
| CVE-2011-2720 | 1 Glpi-project | 1 Glpi | 2025-04-11 | 5.0 MEDIUM | N/A |
| The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request. | |||||
| CVE-2011-3701 | 1 Alegrocart | 1 Alegrocart | 2025-04-11 | 5.0 MEDIUM | N/A |
| AlegroCart 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by common.php and certain other files. | |||||
| CVE-2011-3712 | 1 Cakephp | 1 Cakephp | 2025-04-11 | 5.0 MEDIUM | N/A |
| CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files. | |||||
| CVE-2010-0383 | 1 Tor | 1 Tor | 2025-04-11 | 5.0 MEDIUM | N/A |
| Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easier for man-in-the-middle attackers to compromise the anonymity of traffic sources and destinations. | |||||
| CVE-2011-4894 | 1 Tor | 1 Tor | 2025-04-11 | 4.3 MEDIUM | N/A |
| Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which makes it easier for remote attackers to enumerate bridges by observing DirPort connections. | |||||
| CVE-2010-0653 | 1 Opera | 1 Opera Browser | 2025-04-11 | 4.3 MEDIUM | N/A |
| Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. | |||||
| CVE-2011-3802 | 1 Status | 1 Statusnet | 2025-04-11 | 5.0 MEDIUM | N/A |
| StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php and certain other files. | |||||
| CVE-2011-2204 | 1 Apache | 1 Tomcat | 2025-04-11 | 1.9 LOW | N/A |
| Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. | |||||
| CVE-2011-4748 | 2 Parallels, Redhat | 2 Parallels Plesk Panel, Enterprise Linux | 2025-04-11 | 5.0 MEDIUM | N/A |
| The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/ajax/core/ajax.inc.js and certain other files. | |||||
| CVE-2010-1907 | 1 Consona | 3 Consona Dynamic Agent, Consona Live Assistance, Consona Subscriber Assistance | 2025-04-11 | 4.3 MEDIUM | N/A |
| The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory, via a call to the GetUserName method. | |||||
| CVE-2013-3428 | 1 Cisco | 1 Secure Access Control System | 2025-04-11 | 4.0 MEDIUM | N/A |
| The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows remote authenticated users to obtain sensitive information via an unspecified request that triggers an error, aka Bug ID CSCue65957. | |||||
| CVE-2012-6459 | 2 Intel, Linux | 2 Connman, Tizen | 2025-04-11 | 4.3 MEDIUM | N/A |
| ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets. | |||||
| CVE-2013-5490 | 1 Cisco | 1 Prime Data Center Network Manager | 2025-04-11 | 7.8 HIGH | N/A |
| Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148. | |||||
| CVE-2010-4158 | 4 Fedoraproject, Linux, Opensuse and 1 more | 7 Fedora, Linux Kernel, Opensuse and 4 more | 2025-04-11 | 2.1 LOW | N/A |
| The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter. | |||||