Total: 7821 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-5725 | 1 Aep Networks | 1 Smartgate Ssl Server | 2023-12-10 | 5.0 MEDIUM | N/A |
The SSL server in AEP Smartgate 4.3b allows remote attackers to determine existence of directories via a direct request for a directory URI, which returns different HTTP status codes for existing and non-existing directories. | |||||
CVE-2007-6417 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 7.2 HIGH | N/A |
The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash). | |||||
CVE-2008-0593 | 1 Mozilla | 2 Firefox, Seamonkey | 2023-12-10 | 4.3 MEDIUM | N/A |
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems. | |||||
CVE-2006-6953 | 1 Globetrotter | 1 Mobility Manager | 2023-12-10 | 2.1 LOW | N/A |
The virtual keyboard implementation in GlobeTrotter Mobility Manager changes the color of a key as it is pressed, which allows local users to capture arbitrary keystrokes, such as for passwords, by shoulder surfing or grabbing periodic screenshots. | |||||
CVE-2007-5432 | 1 Scottmanktelow | 1 Stride Cms | 2023-12-10 | 7.5 HIGH | N/A |
Stride 1.0 has a default administrator username of "scott" with the password "running", which allows remote attackers to obtain administrative access through login.php. | |||||
CVE-2007-1167 | 1 Dzcp | 1 Dev!l'z Clanportal | 2023-12-10 | 5.0 MEDIUM | N/A |
inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter. | |||||
CVE-2007-6197 | 1 Bea | 1 Aqualogic Interaction | 2023-12-10 | 5.0 MEDIUM | N/A |
The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page. | |||||
CVE-2007-1563 | 1 Opera | 1 Opera Browser | 2023-12-10 | 6.8 MEDIUM | N/A |
The FTP protocol implementation in Opera 9.10 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | |||||
CVE-2007-5439 | 1 Broadcom | 1 Etrust Integrated Threat Management | 2023-12-10 | 5.0 MEDIUM | N/A |
CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 stores sensitive user information in log files with predictable names, which allows remote attackers to obtain this information via unspecified vectors. | |||||
CVE-2007-6702 | 1 Goahead Software | 2 Fs4104-aw Device, Goahead Webserver | 2023-12-10 | 5.0 MEDIUM | N/A |
goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than CVE-2002-1603. | |||||
CVE-2007-4655 | 1 Cgi-rescue | 1 Shopping Basket Professional | 2023-12-10 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via directory traversal sequences in unspecified parameters to (1) list.cgi or (2) list2.cgi. | |||||
CVE-2008-1181 | 1 Juniper | 1 Secure Access 2000 | 2023-12-10 | 5.0 MEDIUM | N/A |
Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote attackers to obtain sensitive information via a direct request for remediate.cgi without certain parameters, which reveals the path in an "Execute failed" error message. | |||||
CVE-2006-6999 | 1 Headstart Solutions | 1 Deskpro | 2023-12-10 | 4.3 MEDIUM | N/A |
attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter. | |||||
CVE-2007-5413 | 1 Hp | 2 Openview Client Configuraton Manager, Openview Configuration Management | 2023-12-10 | 7.8 HIGH | N/A |
httpd.tkd in Radia Integration Server in Hewlett-Packard (HP) OpenView Configuration Management (CM) Infrastructure 4.0 through 4.2i and Client Configuration Manager (CCM) 2.0 allows remote attackers to read arbitrary files via URLs containing tilde (~) references to home directories, as demonstrated by ~root. | |||||
CVE-2008-0420 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2023-12-10 | 9.3 HIGH | N/A |
modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of uninitialized memory via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10. | |||||
CVE-2006-5229 | 2 Novell, Openbsd | 2 Suse Linux, Openssh | 2023-12-10 | 2.6 LOW | N/A |
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds. | |||||
CVE-2007-2768 | 2 Netapp, Openbsd | 5 Hci Management Node, Hci Storage Node, Solidfire and 2 more | 2023-12-10 | 4.3 MEDIUM | N/A |
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, because it displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243. | |||||
CVE-2007-6206 | 6 Canonical, Debian, Linux and 3 more | 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more | 2023-12-10 | 2.1 LOW | N/A |
The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information. | |||||
CVE-2006-6998 | 1 Headstart Solutions | 1 Deskpro | 2023-12-10 | 5.0 MEDIUM | N/A |
install/loader_help.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERY_STRING, which calls the phpinfo function. | |||||
CVE-2007-0979 | 1 Lifetype | 1 Lifetype | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before 1.2-beta2, allows remote attackers to obtain sensitive information (file contents) via a "crafted URL." |