Total
9172 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1255 | 1 Memcachedb | 1 Memcached | 2025-04-09 | 5.0 MEDIUM | N/A |
| The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port. | |||||
| CVE-2009-3199 | 1 Uebimiau | 1 Uebimiau | 2025-04-09 | 5.0 MEDIUM | N/A |
| Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database with usernames and password hashes via a direct request for system_admin/admin.ucf. | |||||
| CVE-2008-6981 | 1 Phpadultsite | 1 Phpadultsite Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
| index.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to obtain the full installation path via an invalid results_per_page parameter, which leaks the path in an error message. NOTE: this issue might be resultant from a separate SQL injection vulnerability. | |||||
| CVE-2008-2018 | 1 Phpizabi | 1 Phpizabi | 2025-04-09 | 4.0 MEDIUM | N/A |
| The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a "{user.password}" comment in the profile of the admin user. | |||||
| CVE-2008-6420 | 1 Socialsitegenerator | 1 Social Site Generator | 2025-04-09 | 5.0 MEDIUM | N/A |
| Social Site Generator (SSG) 2.0 allows remote attackers to read arbitrary files via the file parameter to (1) filedload.php, (2) webadmin/download.php, and (3) webadmin/download_file.php. | |||||
| CVE-2006-6735 | 1 Obie Website | 1 Mini Web Shop | 2025-04-09 | 5.0 MEDIUM | N/A |
| modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to obtain sensitive information via a request with an arbitrary catname parameter but no itemsdb parameter, which reveals the path in an error message. NOTE: CVE analysis suggests that this error might be resultant from a more serious issue such as directory traversal. | |||||
| CVE-2008-1135 | 1 Omegasoft | 1 Interneserviceslosungen | 2025-04-09 | 5.0 MEDIUM | N/A |
| OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 generates different responses depending on whether or not a username is valid in a failed login attempt, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2007-6512 | 1 Php | 1 Mysql Banner Exchange | 2025-04-09 | 5.0 MEDIUM | N/A |
| PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc. | |||||
| CVE-2009-3457 | 1 Cisco | 2 Ace Web Application Firewall, Ace Xml Gateway | 2025-04-09 | 5.0 MEDIUM | N/A |
| Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159. | |||||
| CVE-2007-6606 | 1 Openbiblio | 1 Openbiblio | 2025-04-09 | 5.0 MEDIUM | N/A |
| OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2008-3147 | 1 Wefi | 1 Wefi | 2025-04-09 | 4.7 MEDIUM | N/A |
| WeFi 3.2.1.4.1, when diagnostic mode is enabled, stores (1) WEP, (2) WPA, and (3) WPA2 access-point keys in (a) ClientWeFiLog.dat, (b) ClientWeFiLog.bak, and possibly (c) a certain .inf file under %PROGRAMFILES%\WeFi\Users\, and uses cleartext for the ClientWeFiLog files, which allows local users to obtain sensitive information by reading these files. | |||||
| CVE-2009-2332 | 1 Cms.tut.su | 1 Cms Chainuk | 2025-04-09 | 5.0 MEDIUM | N/A |
| CMS Chainuk 1.2 and earlier allows remote attackers to obtain sensitive information via (1) a crafted id parameter to index.php or (2) a nonexistent folder name in the id parameter to admin/admin_delete.php, which reveals the installation path in an error message. | |||||
| CVE-2008-4278 | 2 Microsoft, Vmware | 3 Windows, Virtual Infrastructure Client, Virtualcenter | 2025-04-09 | 2.1 LOW | N/A |
| VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password. | |||||
| CVE-2008-3514 | 1 Vmware | 1 Virtualcenter | 2025-04-09 | 5.0 MEDIUM | N/A |
| VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users." | |||||
| CVE-2008-4033 | 1 Microsoft | 13 Expression Web, Groove, Office and 10 more | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability." | |||||
| CVE-2008-4412 | 1 Hp | 1 Systems Insight Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in HP Systems Insight Manager (SIM) before 5.2 Update 2 (C.05.02.02.00) allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2009-1140 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2025-04-09 | 7.1 HIGH | N/A |
| Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability." | |||||
| CVE-2009-1494 | 1 Memcachedb | 1 Memcached | 2025-04-09 | 5.0 MEDIUM | N/A |
| The process_stat function in Memcached 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port. | |||||
| CVE-2007-5470 | 1 Microsoft | 1 Expression Media | 2025-04-09 | 2.1 LOW | N/A |
| Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file. | |||||
| CVE-2007-2022 | 2 Adobe, Opera | 2 Flash Player, Opera Browser | 2025-04-09 | 6.8 MEDIUM | N/A |
| Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | |||||