Total
7405 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5461 | 1 Oracle | 1 Bea Product Suite | 2024-02-28 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is cross-site scripting. | |||||
CVE-2009-4300 | 1 Moodle | 1 Moodle | 2024-02-28 | 5.0 MEDIUM | N/A |
Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors. | |||||
CVE-2009-3002 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-02-28 | 4.9 MEDIUM | N/A |
The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c. | |||||
CVE-2009-0358 | 1 Mozilla | 1 Firefox | 2024-02-28 | 3.3 LOW | N/A |
Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request. | |||||
CVE-2008-6342 | 2 Lobacher Patrick, Typo3 | 2 Simplefilebrowser, Typo3 | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the TYPO3 Simple File Browser (simplefilebrowser) extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors. | |||||
CVE-2008-0993 | 1 Apple | 3 Mac Os X, Mac Os X Server, Podcast Producer | 2024-02-28 | 2.1 LOW | N/A |
Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings. | |||||
CVE-2008-5107 | 1 Citrix | 2 Desktop Server, Presentation Server | 2024-02-28 | 1.9 LOW | N/A |
The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files. | |||||
CVE-2008-2747 | 2 Microsoft, No-ip | 2 Windows, Dynamic Update Client | 2024-02-28 | 2.1 LOW | N/A |
No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values. | |||||
CVE-2007-4514 | 1 Hp | 1 Procurve Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in HP ProCurve Manager and HP ProCurve Manager Plus 2.3 and earlier allows remote attackers to obtain sensitive information from the ProCurve Manager server via unknown attack vectors. | |||||
CVE-2008-4638 | 1 Symantec | 1 Veritas File System | 2024-02-28 | 4.6 MEDIUM | N/A |
qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message. | |||||
CVE-2008-4688 | 1 Mantis | 1 Mantis | 2024-02-28 | 5.0 MEDIUM | N/A |
core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number. | |||||
CVE-2008-4164 | 1 Memht | 1 Memht Portal | 2024-02-28 | 2.6 LOW | N/A |
cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | |||||
CVE-2009-0867 | 1 Fujitsu | 1 Enhanced Support Facility | 2024-02-28 | 5.0 MEDIUM | N/A |
The HRM-S service in Fujitsu Enhanced Support Facility 3.0 and 3.0.1 allows remote attackers to obtain (1) hardware and (2) software information via unspecified requests in a client connection. | |||||
CVE-2008-5322 | 1 Easy-script | 1 Wysi Wiki Wyg | 2024-02-28 | 7.8 HIGH | N/A |
Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information via an invalid categup parameter to index.php, which calls the phpinfo function. | |||||
CVE-2009-0711 | 1 Vlad Alexa Mancini | 1 Phpfootball | 2024-02-28 | 5.0 MEDIUM | N/A |
filter.php in PHPFootball 1.6 and earlier allows remote attackers to retrieve password hashes via a request with an Accounts value for the dbtable parameter, in conjunction with a Password value for the dbfield parameter. NOTE: this has been reported as a SQL injection vulnerability by some sources, but the provenance of that information is unknown. | |||||
CVE-2009-0580 | 1 Apache | 1 Tomcat | 2024-02-28 | 4.3 MEDIUM | N/A |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter. | |||||
CVE-2008-3893 | 1 Microsoft | 1 Windows Vista | 2024-02-28 | 1.9 LOW | N/A |
Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||||
CVE-2008-4113 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.7 MEDIUM | N/A |
The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function. | |||||
CVE-2008-5828 | 1 Microsoft | 1 Windows Live Messenger | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields. | |||||
CVE-2008-6896 | 1 3cx | 1 Phone System | 2024-02-28 | 5.0 MEDIUM | N/A |
login.php in 3CX Phone System 6.0.806.0, when 100% disk capacity is reached, allows remote attackers to gain sensitive information via unspecified vectors that reveal the installation path. |