Total: 7818 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1155 | 1 Cisco | 1 Network Admission Control | 2023-12-10 | 10.0 HIGH | N/A |
Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before 3.6.4.4, 4.0.x before 4.0.6, and 4.1.x before 4.1.2 allows remote attackers to obtain the shared secret for the Clean Access Server (CAS) and Clean Access Manager (CAM) by sniffing error logs. | |||||
CVE-2008-2937 | 1 Postfix | 1 Postfix | 2023-12-10 | 1.9 LOW | N/A |
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name. | |||||
CVE-2003-1567 | 1 Microsoft | 1 Internet Information Services | 2023-12-10 | 5.8 MEDIUM | N/A |
The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE. | |||||
CVE-2009-4298 | 1 Moodle | 1 Moodle | 2023-12-10 | 5.0 MEDIUM | N/A |
The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors. | |||||
CVE-2008-0994 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 2.6 LOW | N/A |
Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods. | |||||
CVE-2008-0050 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 5.0 MEDIUM | N/A |
CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. | |||||
CVE-2009-3544 | 1 Xerver | 1 Xerver | 2023-12-10 | 5.0 MEDIUM | N/A |
Xerver HTTP Server 4.32 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name. | |||||
CVE-2009-2260 | 1 Stardict | 1 Stardict | 2023-12-10 | 5.0 MEDIUM | N/A |
stardict 3.0.1, when Enable Net Dict is configured, sends the contents of the clipboard to a dictionary server, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
CVE-2008-6872 | 1 Aspthai.net | 1 Aspthai Forums | 2023-12-10 | 5.0 MEDIUM | N/A |
ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/aspthaiForum.mdb. | |||||
CVE-2008-5688 | 1 Mediawiki | 1 Mediawiki | 2023-12-10 | 4.3 MEDIUM | N/A |
MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecified requests that trigger an uncaught exception. | |||||
CVE-2009-1898 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 5.0 MEDIUM | N/A |
The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network. | |||||
CVE-2008-2723 | 1 Menalto | 1 Gallery | 2023-12-10 | 5.0 MEDIUM | N/A |
embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the remote address." | |||||
CVE-2008-3327 | 1 Moodle | 1 Moodle | 2023-12-10 | 4.3 MEDIUM | N/A |
Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an error message. | |||||
CVE-2008-3900 | 1 Intel | 1 Bios | 2023-12-10 | 2.1 LOW | N/A |
Intel firmware PE94510M.86A.0050.2007.0710.1559 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||||
CVE-2008-3897 | 2 Freed0m, Microsoft | 2 Disckcryptor, Windows | 2023-12-10 | 2.1 LOW | N/A |
DiskCryptor 0.2.6 on Windows stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||||
CVE-2008-3474 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2023-12-10 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information Disclosure Vulnerability." | |||||
CVE-2008-4593 | 1 Apple | 1 Iphone | 2023-12-10 | 1.2 LOW | N/A |
Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device screen, aka Apple bug number 6267416. | |||||
CVE-2008-5346 | 1 Sun | 3 Jdk, Jre, Sdk | 2023-12-10 | 7.1 HIGH | N/A |
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file. | |||||
CVE-2007-5431 | 2 Javaatwork, Scottmanktelow | 2 Myftpuploader Module, Stride | 2023-12-10 | 7.8 HIGH | N/A |
include/imageupload.js in the MyFTPUploader module in Stride 1.0 contains sensitive information including FTP login credentials, which might allow remote attackers to gain unauthorized access to the FTP server being used by the module by viewing the source code. | |||||
CVE-2007-5899 | 1 Php | 1 Php | 2023-12-10 | 4.3 MEDIUM | N/A |
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID. |