Total
10691 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-5890 | 2 Stanislas Rolland, Typo3 | 2 Sr Feuser Register, Typo3 | 2025-04-11 | N/A |
| The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature. | ||||
| CVE-2012-5884 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a JSONRPC request, a different vulnerability than CVE-2012-4198. | ||||
| CVE-2012-4976 | 1 Layton Technology | 1 Helpbox | 2025-04-11 | N/A |
| selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an error page. | ||||
| CVE-2011-3809 | 1 Thehostingtool | 1 Thehostingtool | 2025-04-11 | N/A |
| TheHostingTool (THT) 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/pear/Mail/smtp.php and certain other files. | ||||
| CVE-2012-4698 | 1 Siemens | 4 Ros, Rox I Os, Rox Ii Os and 1 more | 2025-04-11 | N/A |
| Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations. | ||||
| CVE-2012-4591 | 1 Mcafee | 1 Enterprise Mobility Manager | 2025-04-11 | N/A |
| About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 discloses the name of the user account for an IIS worker process, which allows remote attackers to obtain potentially sensitive information by visiting this page. | ||||
| CVE-2012-4511 | 1 Gnome | 1 Libsocialweb | 2025-04-11 | N/A |
| services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack. | ||||
| CVE-2012-4429 | 2 David King, Redhat | 2 Vino, Enterprise Linux | 2025-04-11 | N/A |
| Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900. | ||||
| CVE-2011-3756 | 1 Microblog | 1 Microblog | 2025-04-11 | N/A |
| MicroBlog 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by init.php and certain other files. | ||||
| CVE-2012-4390 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-11 | N/A |
| (1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors. | ||||
| CVE-2012-4257 | 1 George Karpouzas | 1 Yet Another Question \& Answer System | 2025-04-11 | N/A |
| Yaqas (Yet Another Question & Answer System) 1.0 Alpha 1 allows remote attackers to obtain sensitive information via an invalid character in the PHPSESSID, which reveals the installation path in an error message. | ||||
| CVE-2012-4256 | 2 Joobi, Joomla | 2 Com Jnews, Joomla\! | 2025-04-11 | N/A |
| The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message. | ||||
| CVE-2012-4255 | 1 Mysqldumper | 1 Mysqldumper | 2025-04-11 | N/A |
| MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refresh_dblist.php, which reveals the installation path in an error message. | ||||
| CVE-2011-3747 | 1 Joomla | 1 Joomla\! | 2025-04-11 | N/A |
| Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php. | ||||
| CVE-2011-3729 | 1 Dotproject | 1 Dotproject | 2025-04-11 | N/A |
| dotproject 2.1.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by style/dp-grey-theme/footer.php and certain other files. | ||||
| CVE-2011-3710 | 1 Bbpress | 1 Bbpress | 2025-04-11 | N/A |
| bbPress 1.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by bb-templates/kakumei/view.php and certain other files. | ||||
| CVE-2011-3709 | 1 B2evolution | 1 B2evolution | 2025-04-11 | N/A |
| b2evolution 3.3.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by locales/ru_RU/ru-RU.locale.php and certain other files. | ||||
| CVE-2011-3706 | 1 Atutor | 1 Atutor | 2025-04-11 | N/A |
| ATutor 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by users/tool_settings.inc.php and certain other files. | ||||
| CVE-2011-3700 | 1 Anelectron | 1 Advanced Electron Forum | 2025-04-11 | N/A |
| Advanced Electron Forum (AEF) 1.0.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by languages/english/deletetopic_lang.php. | ||||
| CVE-2012-3829 | 1 Joomla | 1 Joomla\! | 2025-04-11 | N/A |
| Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header. | ||||