Total
9301 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6104 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.0 MEDIUM | N/A |
| blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed. | |||||
| CVE-2013-2273 | 1 Bitcoin | 3 Bitcoin-qt, Bitcoin Core, Bitcoind | 2025-04-11 | 5.0 MEDIUM | N/A |
| bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain potentially sensitive information about returned change by leveraging certain predictability in the outputs of a Bitcoin transaction. | |||||
| CVE-2012-5890 | 2 Stanislas Rolland, Typo3 | 2 Sr Feuser Register, Typo3 | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature. | |||||
| CVE-2011-3726 | 1 Docebo | 1 Docebolms | 2025-04-11 | 5.0 MEDIUM | N/A |
| DoceboLMS 4.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by views/dummy/show.php and certain other files. | |||||
| CVE-2011-3740 | 1 Frontaccounting | 1 Frontaccounting | 2025-04-11 | 5.0 MEDIUM | N/A |
| FrontAccounting 2.3.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by reporting/includes/fpdi/fpdi2tcpdf_bridge.php and certain other files. | |||||
| CVE-2014-1664 | 1 Citrix | 1 Gotomeeting | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file. | |||||
| CVE-2012-5516 | 1 Redhat | 1 Enterprise Virtualization Manager | 2025-04-11 | 2.1 LOW | N/A |
| Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2010-3342 | 1 Microsoft | 4 Internet Explorer, Windows 7, Windows Vista and 1 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348. | |||||
| CVE-2013-7224 | 1 Fatfreecrm | 1 Fat Free Crm | 2025-04-11 | 5.0 MEDIUM | N/A |
| Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json. | |||||
| CVE-2010-0384 | 1 Tor | 1 Tor | 2025-04-11 | 2.1 LOW | N/A |
| Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for local users to discover the identities of clients in opportunistic circumstances by reading log files. | |||||
| CVE-2011-3704 | 1 Apprain | 1 Apprain | 2025-04-11 | 5.0 MEDIUM | N/A |
| appRain 0.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by cron.php. | |||||
| CVE-2011-0031 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-04-11 | 4.3 MEDIUM | N/A |
| The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability." | |||||
| CVE-2013-6709 | 1 Cisco | 1 Webex Training Center | 2025-04-11 | 5.0 MEDIUM | N/A |
| The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111. | |||||
| CVE-2013-0567 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-04-11 | 4.0 MEDIUM | N/A |
| IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0568, and CVE-2013-0475. | |||||
| CVE-2011-0195 | 1 Apple | 1 Iphone Os | 2025-04-11 | 4.3 MEDIUM | N/A |
| The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202. | |||||
| CVE-2012-0651 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 5.0 MEDIUM | N/A |
| The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message. | |||||
| CVE-2011-4766 | 1 Parallels | 1 Parallels Plesk Small Business Panel | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allows remote attackers to obtain ASP source code via a direct request to wysiwyg/fckconfig.js. NOTE: CVE disputes this issue because ASP is only used in a JavaScript comment | |||||
| CVE-2010-1407 | 1 Apple | 2 Iphone Os, Ipod Touch | 2025-04-11 | 4.3 MEDIUM | N/A |
| WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document. | |||||
| CVE-2013-0505 | 1 Ibm | 2 Sterling Multi-channel Fulfillment Solution, Sterling Selling And Fulfillment Foundation | 2025-04-11 | 5.5 MEDIUM | N/A |
| IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors. | |||||
| CVE-2011-3731 | 1 E107 | 1 E107 | 2025-04-11 | 5.0 MEDIUM | N/A |
| e107 0.7.24 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107_plugins/pdf/e107pdf.php and certain other files. | |||||