Total
9158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0800 | 1 Moodle | 1 Moodle | 2025-04-11 | 2.1 LOW | N/A |
| The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated by accessing a create-groups page with Safari on an iPad device. | |||||
| CVE-2011-3771 | 1 Gnu | 1 Phpbook | 2025-04-11 | 5.0 MEDIUM | N/A |
| phpBook 2.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by doc/update_smilies_1.50-1.60.php and certain other files. | |||||
| CVE-2013-6237 | 1 Islonline | 2 Isl Desktop Plugin, Isl Light | 2025-04-11 | 3.5 LOW | N/A |
| The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 and earlier allows remote authenticated users to obtain sensitive information by pasting the clipboard contents that have been copied by another user in the session. | |||||
| CVE-2011-1074 | 1 Freebsd | 1 Freebsd | 2025-04-11 | 1.9 LOW | N/A |
| crontab.c in crontab in FreeBSD allows local users to determine the existence of arbitrary directories via a command-line argument composed of a directory name concatenated with a directory traversal sequence that leads to the /etc/crontab pathname. | |||||
| CVE-2012-0647 | 1 Apple | 1 Safari | 2025-04-11 | 5.0 MEDIUM | N/A |
| WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. | |||||
| CVE-2011-5126 | 1 Bluecoat | 1 Sgos | 2025-04-11 | 5.0 MEDIUM | N/A |
| Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 writes the secure heap to core images, which allows context-dependent attackers to obtain sensitive authentication information by leveraging read access to a downloaded core file. | |||||
| CVE-2014-1962 | 1 Sap | 1 Customer Relationship Management | 2025-04-11 | 5.0 MEDIUM | N/A |
| Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. | |||||
| CVE-2012-6512 | 1 Organizer Project | 1 Organizer | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Organizer plugin 1.2.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors to (1) plugin_hook.php, (2) page/index.php, (3) page/dir.php (4) page/options.php, (5) page/resize.php, (6) page/upload.php, (7) page/users.php, or (8) page/view.php. | |||||
| CVE-2013-6656 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
| The XSSAuditor::init function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, processes POST requests by using the body of a redirecting page instead of the body of a redirect target, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2011-3754 | 1 Mambo-foundation | 1 Mambo | 2025-04-11 | 5.0 MEDIUM | N/A |
| Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files. | |||||
| CVE-2010-3860 | 1 Redhat | 1 Icedtea | 2025-04-11 | 5.0 MEDIUM | N/A |
| IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories. | |||||
| CVE-2012-0950 | 1 Canonical | 1 Ubuntu Linux | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0949. | |||||
| CVE-2010-2264 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. | |||||
| CVE-2011-3806 | 1 Tecnick | 1 Tcexam | 2025-04-11 | 5.0 MEDIUM | N/A |
| TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php and certain other files. | |||||
| CVE-2013-2061 | 2 Opensuse, Openvpn | 3 Opensuse, Openvpn, Openvpn Access Server | 2025-04-11 | 2.6 LOW | N/A |
| The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. | |||||
| CVE-2011-2152 | 1 Smartertools | 1 Smarterstats | 2025-04-11 | 5.0 MEDIUM | N/A |
| The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for (1) Client/frmViewReports.aspx or (2) UserControls/Popups/frmHelp.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (a) web-server access logs or (b) web-server Referer logs, related to a "cross-domain Referer leakage" issue. | |||||
| CVE-2011-3706 | 1 Atutor | 1 Atutor | 2025-04-11 | 5.0 MEDIUM | N/A |
| ATutor 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by users/tool_settings.inc.php and certain other files. | |||||
| CVE-2011-3815 | 1 Webidsupport | 1 Webid | 2025-04-11 | 5.0 MEDIUM | N/A |
| WeBid 1.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by js/calendar.php and certain other files. | |||||
| CVE-2010-0548 | 1 Xerox | 7 Workcentre 5632, Workcentre 5638, Workcentre 5645 and 4 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in the Network Controller and Web Server in Xerox WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, and 5687 allow remote attackers to (1) access mailboxes via unknown vectors that bypass Scan to Mailbox authorization or (2) read device configuration information via via unknown vectors that bypass web server authorization. | |||||
| CVE-2012-2296 | 2 Drupal, Janrain | 2 Drupal, Rpx | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability. | |||||