Total
10402 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-4580 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 11.00 does not clear WAP WML form fields after manual navigation to a new web site, which allows remote attackers to obtain sensitive information via an input field that has the same name as an input field on a previously visited web site. | ||||
| CVE-2011-3734 | 1 Energine | 1 Energine | 2025-04-11 | N/A |
| Energine 2.3.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/framework/SimpleBuilder.class.php and certain other files. | ||||
| CVE-2010-2190 | 1 Php | 1 Php | 2025-04-11 | N/A |
| The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. | ||||
| CVE-2010-3192 | 1 Gnu | 1 Glibc | 2025-04-11 | N/A |
| Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations. | ||||
| CVE-2010-4804 | 1 Google | 1 Android | 2025-04-11 | N/A |
| The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/. | ||||
| CVE-2011-3736 | 1 Exoscripts | 1 Exophpdesk | 2025-04-11 | N/A |
| ExoPHPDesk 1.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by upgrades/upgrade9.php and certain other files. | ||||
| CVE-2011-3730 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| Drupal 7.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/simpletest/tests/upgrade/drupal-6.upload.database.php and certain other files. | ||||
| CVE-2011-3767 | 1 Oscommerce | 1 Oscommerce | 2025-04-11 | N/A |
| osCommerce 3.0a5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by redirect.php. | ||||
| CVE-2012-0744 | 1 Ibm | 1 Rational Clearquest | 2025-04-11 | N/A |
| IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, or (12) cqweb/j_security_check sample script. | ||||
| CVE-2011-3768 | 1 Phorum | 1 Phorum | 2025-04-11 | N/A |
| Phorum 5.2.15a allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by css.php and certain other files. | ||||
| CVE-2013-3319 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128. | ||||
| CVE-2011-3769 | 1 Blondish | 1 Phpads | 2025-04-11 | N/A |
| PHPads 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by ads.inc.php. | ||||
| CVE-2013-4044 | 1 Ibm | 1 Spss Collaboration And Deployment Services | 2025-04-11 | N/A |
| IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote authenticated users to read application log files via a direct HTTP request. | ||||
| CVE-2011-3770 | 1 Phpalbum | 1 Phpalbum | 2025-04-11 | N/A |
| phpAlbum 0.4.1.14 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Flowing_Dark/parameters.tpl.php and certain other files. | ||||
| CVE-2011-3771 | 1 Gnu | 1 Phpbook | 2025-04-11 | N/A |
| phpBook 2.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by doc/update_smilies_1.50-1.60.php and certain other files. | ||||
| CVE-2011-3772 | 1 Php-collab | 1 Phpcollab | 2025-04-11 | N/A |
| phpCollab 2.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by topics/noti_newtopic.php and certain other files. | ||||
| CVE-2010-0214 | 1 Polyvision | 2 Roomwizard, Roomwizard Firmware | 2025-04-11 | N/A |
| The administrative interface on the PolyVision RoomWizard with firmware 3.2.3 places the Sync Connector Active Directory (AD) credentials in a web form that is accessed over HTTP on port 80, which allows remote attackers to obtain sensitive information by reading the HTML source code corresponding to the /admin/sign/DeviceSynch URI. | ||||
| CVE-2011-1672 | 1 Dell | 1 Kace K2000 Systems Deployment Appliance | 2025-04-11 | N/A |
| The Dell KACE K2000 Systems Deployment Appliance 3.3.36822 and earlier contains a peinst CIFS share, which allows remote attackers to obtain sensitive information by reading the (1) unattend.xml or (2) sysprep.inf file, as demonstrated by reading a password. | ||||
| CVE-2013-3469 | 1 Cisco | 1 Mobility Services Engine | 2025-04-11 | N/A |
| Cisco Mobility Services Engine does not properly set up the Oracle SSL service, which allows remote attackers to obtain an unauthenticated session to the database-replication port, and consequently obtain sensitive information, via an SSL connection, aka Bug ID CSCue50794. | ||||
| CVE-2013-4628 | 1 Huawei | 3 Quidway Service Process Unit Board S7700, Quidway Service Process Unit Board S9300, Quidway Service Process Unit Board S9700 | 2025-04-11 | N/A |
| The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information from the high-priority security zone by leveraging access to the low-priority security zone. | ||||