Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1892 | 1 Microsoft | 10 Forms Server, Groove, Groove Data Bridge Server and 7 more | 2025-04-11 | 4.0 MEDIUM | N/A |
| Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability." | |||||
| CVE-2013-4698 | 1 Cybozu | 1 Mailwise | 2025-04-11 | 3.5 LOW | N/A |
| Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users to obtain sensitive e-mail content intended for different persons in opportunistic circumstances by reading Subject header lines within the user's own mailbox. | |||||
| CVE-2012-3718 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 2.1 LOW | N/A |
| Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. | |||||
| CVE-2013-1402 | 1 Digitiliti | 1 Digilibe | 2025-04-11 | 5.0 MEDIUM | N/A |
| DigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/general_configuration.html. | |||||
| CVE-2011-3777 | 1 Phpfreechat | 1 Phpfreechat | 2025-04-11 | 5.0 MEDIUM | N/A |
| phpFreeChat 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/zilveer/style.css.php and certain other files. | |||||
| CVE-2011-0579 | 6 Adobe, Apple, Google and 3 more | 6 Flash Player, Mac Os X, Android and 3 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2010-0523 | 1 Apple | 1 Mac Os X Server | 2025-04-11 | 5.0 MEDIUM | N/A |
| Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated by a Java applet. | |||||
| CVE-2012-1223 | 1 Rabidhamster | 1 R2\/extreme | 2025-04-11 | 5.0 MEDIUM | N/A |
| RabidHamster R2/Extreme 1.65 and earlier uses a small search space of values for the PIN number, which allows remote attackers to obtain the PIN number via a brute force attack. | |||||
| CVE-2012-2165 | 1 Ibm | 1 Rational Clearquest | 2025-04-11 | 3.5 LOW | N/A |
| IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query. | |||||
| CVE-2008-7281 | 1 Otrs | 1 Otrs | 2025-04-11 | 4.3 MEDIUM | N/A |
| Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipients, which allows remote attackers to obtain potentially sensitive e-mail address information by reading this field. | |||||
| CVE-2009-2899 | 1 Vmware | 1 Hyperic Hq | 2025-04-11 | 2.1 LOW | N/A |
| The monitor perl script in the Sybase database plug-in in SpringSource Hyperic HQ before 4.3 allows local users to obtain the database password by listing the process and its arguments. | |||||
| CVE-2013-7249 | 1 Fatfreecrm | 1 Fat Free Crm | 2025-04-11 | 5.0 MEDIUM | N/A |
| Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224. | |||||
| CVE-2012-2387 | 1 Debian | 1 Devotee | 2025-04-11 | 5.0 MEDIUM | N/A |
| devotee 0.1 patch 2 uses a 32-bit seed for generating 48-bit random numbers, which makes it easier for remote attackers to obtain the secret monikers via a brute force attack. | |||||
| CVE-2010-1125 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-11 | 5.8 MEDIUM | N/A |
| The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method. | |||||
| CVE-2011-1569 | 1 Douran | 1 Portal | 2025-04-11 | 5.0 MEDIUM | N/A |
| download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obtain source code of arbitrary files under the web root via (1) a trailing ".", (2) a trailing space, or (3) mixed case in the FileNameAttach parameter. | |||||
| CVE-2010-3979 | 1 Sap | 1 Businessobjects | 2025-04-11 | 5.0 MEDIUM | N/A |
| Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI. | |||||
| CVE-2011-4698 | 2 Android, Androidapptools | 2 Android, Easy Filter | 2025-04-11 | 6.4 MEDIUM | N/A |
| The AndroidAppTools Easy Filter (com.phoneblocker.android) application 1.1 and 1.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and call records via a crafted application. | |||||
| CVE-2011-3730 | 1 Drupal | 1 Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
| Drupal 7.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/simpletest/tests/upgrade/drupal-6.upload.database.php and certain other files. | |||||
| CVE-2010-0464 | 1 Roundcube | 1 Webmail | 2025-04-11 | 5.0 MEDIUM | N/A |
| Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests. | |||||
| CVE-2011-3823 | 1 Yamamah | 1 Yamamah | 2025-04-11 | 5.0 MEDIUM | N/A |
| Yamamah 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/index.php and certain other files. | |||||