Total
7826 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2681 | 1 Realm Project | 1 Realm Cms | 2023-12-10 | 5.0 MEDIUM | N/A |
| Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive information via a direct request to _db/compact.asp, which reveals the database path in an error message. | |||||
| CVE-2009-3951 | 2 Adobe, Microsoft | 3 Adobe Air, Flash Player, Windows | 2023-12-10 | 7.1 HIGH | N/A |
| Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820. | |||||
| CVE-2008-3248 | 1 Symantec | 1 Veritas File System | 2023-12-10 | 4.6 MEDIUM | N/A |
| qiomkfile in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, does not initialize filesystem blocks during creation of a file, which allows local users to obtain sensitive information by creating and then reading files. | |||||
| CVE-2008-1014 | 1 Apple | 1 Quicktime | 2023-12-10 | 4.3 MEDIUM | N/A |
| Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2008-3060 | 1 V-webmail | 1 V-webmail | 2023-12-10 | 5.0 MEDIUM | N/A |
| V-webmail 1.5.0 allows remote attackers to obtain sensitive information via (1) malformed input in the login page (includes/local.hooks.php) and (2) an invalid session ID, which reveals the installation path in an error message. | |||||
| CVE-2008-3040 | 1 Typo3 | 1 Dam Frontend Extension | 2023-12-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2008-3896 | 1 Gnu | 1 Grub Legacy | 2023-12-10 | 2.1 LOW | N/A |
| Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||||
| CVE-2009-1412 | 2 Google, Microsoft | 2 Chrome, Internet Explorer | 2023-12-10 | 7.8 HIGH | N/A |
| Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. NOTE: this can be leveraged for Universal XSS by exploiting certain behavior involving persistence across page transitions. | |||||
| CVE-2009-2797 | 2 Apple, Canonical | 2 Iphone Os, Ubuntu Linux | 2023-12-10 | 5.0 MEDIUM | N/A |
| The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server. | |||||
| CVE-2008-4412 | 1 Hp | 1 Systems Insight Manager | 2023-12-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in HP Systems Insight Manager (SIM) before 5.2 Update 2 (C.05.02.02.00) allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2009-3782 | 2 2bits, Drupal | 2 Userpoints, Drupal | 2023-12-10 | 3.5 LOW | N/A |
| Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors. | |||||
| CVE-2008-3651 | 1 Linux | 1 Ipsec Tools Racoon Daemon | 2023-12-10 | 4.0 MEDIUM | N/A |
| Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals. | |||||
| CVE-2009-0320 | 1 Microsoft | 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more | 2023-12-10 | 4.0 MEDIUM | N/A |
| Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack." | |||||
| CVE-2009-3452 | 1 Radactive | 1 I-load | 2023-12-10 | 5.0 MEDIUM | N/A |
| WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to obtain sensitive information via unspecified requests that trigger responses containing the saved-image folder pathname. | |||||
| CVE-2008-0993 | 1 Apple | 3 Mac Os X, Mac Os X Server, Podcast Producer | 2023-12-10 | 2.1 LOW | N/A |
| Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings. | |||||
| CVE-2008-4560 | 1 Hp | 1 Openview Network Node Manager | 2023-12-10 | 7.8 HIGH | N/A |
| HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to obtain sensitive information via (1) a crafted request to the nnmRptConfig.exe CGI program, which reveals the pathname of log directories; or (2) a crafted parameter in a request to the ovlaunch.exe CGI program, which reveals configuration details. NOTE: this issue may be partially covered by CVE-2009-0205. | |||||
| CVE-2009-2115 | 1 Skybluecanvas | 1 Skybluecanvas | 2023-12-10 | 6.8 MEDIUM | N/A |
| admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive information via an invalid id parameter, which reveals the installation path in an error message. | |||||
| CVE-2008-4635 | 2 Hisanaga Electric Co, Xoops | 2 Hisa Cart, Xoops | 2023-12-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 and earlier, a module for XOOPS, allows remote attackers to obtain sensitive user information via unknown vectors. | |||||
| CVE-2009-2856 | 1 Sun | 2 Solaris, Virtual Desktop Infrastructure | 2023-12-10 | 3.5 LOW | N/A |
| Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI configuration-data requests by sniffing LDAP sessions on the network. | |||||
| CVE-2008-0085 | 1 Microsoft | 7 Data Engine, Sql Server, Sql Server Desktop Engine and 4 more | 2023-12-10 | 5.0 MEDIUM | N/A |
| SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse. | |||||