Total
9172 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5550 | 1 Cisco | 1 Ios | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Cisco IOS allows remote attackers to obtain the IOS version via unspecified vectors involving a "common network service", aka PSIRT-1255024833. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2008-4721 | 1 Php Jabbers | 1 Post Comment | 2025-04-09 | 7.5 HIGH | N/A |
| PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged." | |||||
| CVE-2008-0978 | 1 Double-take Software | 1 Double-take | 2025-04-09 | 5.0 MEDIUM | N/A |
| Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to obtain sensitive information via a packet of type (1) 0x2728, which provides operating system and path information; (2) 0x274e, which lists Ethernet adapters; (3) 0x2726, which provides filesystem information; (4) 0x274f, which specifies the printer driver; or (5) 0x2757, which provides recent log entries. | |||||
| CVE-2009-2046 | 1 Cisco | 1 Video Surveillance 2500 Series Ip Camera | 2025-04-09 | 6.8 MEDIUM | N/A |
| The embedded web server on the Cisco Video Surveillance 2500 Series IP Camera with firmware before 2.1 allows remote attackers to read arbitrary files via a (1) http or (2) https request, related to the (a) SD Camera Web Server and the (b) Wireless Camera HTTP Server, aka Bug IDs CSCsu05515 and CSCsr96497. | |||||
| CVE-2008-6387 | 1 Activewebsoftwares | 1 Quick Tree View .net | 2025-04-09 | 5.0 MEDIUM | N/A |
| Quick Tree View .NET 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to qtv.mdb. | |||||
| CVE-2008-1155 | 1 Cisco | 1 Network Admission Control | 2025-04-09 | 10.0 HIGH | N/A |
| Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before 3.6.4.4, 4.0.x before 4.0.6, and 4.1.x before 4.1.2 allows remote attackers to obtain the shared secret for the Clean Access Server (CAS) and Clean Access Manager (CAM) by sniffing error logs. | |||||
| CVE-2007-6660 | 1 2z Project | 1 2z Project | 2025-04-09 | 5.0 MEDIUM | N/A |
| 2z project 0.9.6.1 allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid template or (2) a request to the default URI with certain year and month parameters, which reveals the path in various error messages. | |||||
| CVE-2008-7063 | 1 Ocean12tech | 1 Faq Manager Pro | 2025-04-09 | 5.0 MEDIUM | N/A |
| Ocean12 FAQ Manager Pro stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for admin/o12faq.mdb. | |||||
| CVE-2007-2552 | 1 Wikkawiki | 1 Wikkawiki | 2025-04-09 | 5.0 MEDIUM | N/A |
| The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds. | |||||
| CVE-2009-4322 | 1 Zen-cart | 1 Zen Cart | 2025-04-09 | 5.0 MEDIUM | N/A |
| extras/ipn_test_return.php in Zen Cart allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | |||||
| CVE-2007-5028 | 1 Dibbler | 1 Dibbler | 2025-04-09 | 7.5 HIGH | N/A |
| Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors. | |||||
| CVE-2008-1318 | 1 Mediawiki | 1 Mediawiki | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results. | |||||
| CVE-2009-3097 | 2 Hp, Microsoft | 2 Performance Insight, Windows | 2025-04-09 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on Windows allow attackers to obtain sensitive information via unknown vectors, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2008-3777 | 1 Avaya | 3 Communication Manager, S8300c Server, Sip Enablement Services | 2025-04-09 | 2.1 LOW | N/A |
| The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs. | |||||
| CVE-2007-0259 | 1 Ezboxx | 1 Ezboxx Portal System | 2025-04-09 | 7.8 HIGH | N/A |
| Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to obtain sensitive information via an invalid cat parameter to boxx/knowledgebase.asp, which reveals the path in an error message. | |||||
| CVE-2007-1564 | 1 Kde | 1 Konqueror | 2025-04-09 | 6.8 MEDIUM | N/A |
| The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | |||||
| CVE-2007-6417 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.2 HIGH | N/A |
| The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash). | |||||
| CVE-2008-4820 | 2 Adobe, Microsoft | 2 Flash Player, Windows | 2025-04-09 | 7.1 HIGH | N/A |
| Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player 9.0.124.0 and earlier on Windows allows attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2008-0598 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the 32-bit and 64-bit emulation in the Linux kernel 2.6.9, 2.6.18, and probably other versions allows local users to read uninitialized memory via unknown vectors involving a crafted binary. | |||||
| CVE-2008-6159 | 1 Hans Oesterholt | 1 Cmme | 2025-04-09 | 5.0 MEDIUM | N/A |
| Content Management Made Easy (CMME) 1.19 allows remote attackers to obtain system information via a direct request to info.php, which invokes the phpinfo function. | |||||