Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3795 | 1 Betella | 1 Podcast Generator | 2025-04-11 | 5.0 MEDIUM | N/A |
| Podcast Generator 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/themes.php and certain other files. | |||||
| CVE-2010-2913 | 2 Apple, Citibank | 2 Iphone Os, Citi Mobile | 2025-04-11 | 2.1 LOW | N/A |
| The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer. | |||||
| CVE-2012-4235 | 2 Joomla, Rsgallery2 | 2 Joomla\!, Com Rsgallery2 | 2025-04-11 | 5.0 MEDIUM | N/A |
| The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI. | |||||
| CVE-2011-4457 | 1 Owasp-java-html-sanitizer Project | 1 Owasp-java-html-sanitizer | 2025-04-11 | 2.6 LOW | N/A |
| OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element. | |||||
| CVE-2012-4198 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | 4.0 MEDIUM | N/A |
| The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 has a different outcome for a groups request depending on whether a group exists, which allows remote authenticated users to discover private group names by observing whether a call throws an error. | |||||
| CVE-2011-3769 | 1 Blondish | 1 Phpads | 2025-04-11 | 5.0 MEDIUM | N/A |
| PHPads 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by ads.inc.php. | |||||
| CVE-2013-0095 | 1 Microsoft | 1 Office | 2025-04-11 | 5.0 MEDIUM | N/A |
| Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability." | |||||
| CVE-2010-3764 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL. | |||||
| CVE-2011-3821 | 1 Xajax-project | 1 Xajax | 2025-04-11 | 5.0 MEDIUM | N/A |
| xajax 0.6 beta1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xajax_core/plugin_layer/xajaxScriptPlugin.inc.php and certain other files. | |||||
| CVE-2011-4731 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by admin/home/admin and certain other files. | |||||
| CVE-2012-1873 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerability." | |||||
| CVE-2010-1388 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assisted remote attackers to read arbitrary files via a crafted HTML document. | |||||
| CVE-2010-2982 | 1 Cisco | 1 Unified Wireless Network Solution Software | 2025-04-11 | 7.1 HIGH | N/A |
| Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to discover a group password via a series of SNMP requests, as demonstrated by an SNMP walk, aka Bug ID CSCtb74037. | |||||
| CVE-2011-4748 | 2 Parallels, Redhat | 2 Parallels Plesk Panel, Enterprise Linux | 2025-04-11 | 5.0 MEDIUM | N/A |
| The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/ajax/core/ajax.inc.js and certain other files. | |||||
| CVE-2010-2323 | 1 Ibm | 2 Websphere Application Server, Zos | 2025-04-11 | 5.0 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT. | |||||
| CVE-2012-0792 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
| mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts. | |||||
| CVE-2011-3309 | 1 Cisco | 2 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 process IKE requests despite a vpnclient mode configuration, which allows remote attackers to obtain potentially sensitive information by reading IKE responder traffic, aka Bug ID CSCtt07749. | |||||
| CVE-2011-3811 | 1 Tomatocart | 1 Tomatocart | 2025-04-11 | 5.0 MEDIUM | N/A |
| TomatoCart 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/system/offline.php and certain other files. | |||||
| CVE-2011-2081 | 1 Inventivetec | 1 Mediacast | 2025-04-11 | 5.0 MEDIUM | N/A |
| MediaCAST 8 and earlier does not properly handle requests for inventivex/isptools/release/metadata/globalIncludeFolders.txt, which allows remote attackers to obtain sensitive information via unspecified vectors related to the Public/ directory tree. | |||||
| CVE-2013-2243 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
| mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 allows remote authenticated users to obtain sensitive answer information by reading the HTML source code of a document. | |||||