Total
8218 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1076 | 1 Sun | 1 Java System Identity Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
| Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2007-5129 | 1 Boesch-it | 1 Simpgb | 2025-04-09 | 5.0 MEDIUM | N/A |
| SimpGB 1.46.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain sensitive configuration information via a direct request for admin/cfginfo.php; and (2) download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc. | |||||
| CVE-2007-2253 | 1 Exponent | 1 Exponent Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
| Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php. | |||||
| CVE-2009-3457 | 1 Cisco | 2 Ace Web Application Firewall, Ace Xml Gateway | 2025-04-09 | 5.0 MEDIUM | N/A |
| Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159. | |||||
| CVE-2007-5028 | 1 Dibbler | 1 Dibbler | 2025-04-09 | 7.5 HIGH | N/A |
| Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors. | |||||
| CVE-2008-6063 | 1 Microsoft | 1 Word | 2025-04-09 | 4.3 MEDIUM | N/A |
| Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name. | |||||
| CVE-2009-0278 | 1 Sun | 1 Java System Application Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request. | |||||
| CVE-2009-4298 | 1 Moodle | 1 Moodle | 2025-04-09 | 5.0 MEDIUM | N/A |
| The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors. | |||||
| CVE-2008-0784 | 1 Cacti | 1 Cacti | 2025-04-09 | 5.0 MEDIUM | N/A |
| graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors. | |||||
| CVE-2009-0711 | 1 Vlad Alexa Mancini | 1 Phpfootball | 2025-04-09 | 5.0 MEDIUM | N/A |
| filter.php in PHPFootball 1.6 and earlier allows remote attackers to retrieve password hashes via a request with an Accounts value for the dbtable parameter, in conjunction with a Password value for the dbfield parameter. NOTE: this has been reported as a SQL injection vulnerability by some sources, but the provenance of that information is unknown. | |||||
| CVE-2009-3097 | 2 Hp, Microsoft | 2 Performance Insight, Windows | 2025-04-09 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on Windows allow attackers to obtain sensitive information via unknown vectors, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-5922 | 2 Bitchx, Cypress | 2 Bitchx, Cypress | 2025-04-09 | 5.0 MEDIUM | N/A |
| The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed address. | |||||
| CVE-2006-5858 | 2 Adobe, Microsoft | 3 Coldfusion, Jrun, Internet Information Services | 2025-04-09 | 5.0 MEDIUM | N/A |
| Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file. | |||||
| CVE-2009-1949 | 1 Unclassified | 1 Newsboard | 2025-04-09 | 7.8 HIGH | N/A |
| import_wbb1.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | |||||
| CVE-2006-7086 | 1 Mrcgiguy | 1 Hot Links | 2025-04-09 | 4.3 MEDIUM | N/A |
| The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter. | |||||
| CVE-2007-5899 | 1 Php | 1 Php | 2025-04-09 | 4.3 MEDIUM | N/A |
| The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID. | |||||
| CVE-2008-4125 | 1 Phpbb | 1 Phpbb | 2025-04-09 | 5.0 MEDIUM | N/A |
| The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote attackers to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than CVE-2006-0632. | |||||
| CVE-2009-0358 | 1 Mozilla | 1 Firefox | 2025-04-09 | 3.3 LOW | N/A |
| Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request. | |||||
| CVE-2009-3554 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-09 | 2.1 LOW | N/A |
| Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2009-4333 | 1 Ibm | 1 Db2 | 2025-04-09 | 7.5 HIGH | N/A |
| The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command. | |||||