Vulnerabilities (CVE)

Filtered by CWE-200
Total 7405 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-3901 2 Linux, Suspend2 2 Linux Kernel, Software Suspend 2 2024-02-28 2.1 LOW N/A
Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
CVE-2009-3727 1 Digium 3 Asterisk, Asterisknow, S800i 2024-02-28 5.0 MEDIUM N/A
Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.
CVE-2008-3327 1 Moodle 1 Moodle 2024-02-28 4.3 MEDIUM N/A
Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an error message.
CVE-2009-1713 1 Apple 1 Safari 2024-02-28 7.1 HIGH N/A
The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.
CVE-2008-7154 1 Docebo 1 Docebo 2024-02-28 5.0 MEDIUM N/A
Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) class/class.conf_fw.php, (2) class.module/class.event_manager.php, (3) lib/lib.domxml5.php, or (4) menu/menu_over.php in doceboCore/; or (5) class/class.conf_cms.php, (6) lib/lib.compose.php, (7) modules/chat/teleskill.php, or (8) class/class.admin_menu_cms.php in doceboCms/; which reveals the installation path in an error message.
CVE-2008-0050 1 Apple 2 Mac Os X, Mac Os X Server 2024-02-28 5.0 MEDIUM N/A
CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error.
CVE-2009-0678 1 Ravenphpscripts 1 Ravennuke 2024-02-28 5.0 MEDIUM N/A
images/captcha.php in RavenNuke 2.30 allows remote attackers to obtain sensitive information via an aFonts array parameter value that does not correspond to a valid font file, which reveals the installation path in an error message.
CVE-2008-3451 1 Phpwebgallery 1 Phpwebgallery 2024-02-28 4.0 MEDIUM N/A
PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile.
CVE-2008-1580 1 Apple 3 Mac Os X, Mac Os X Server, Safari 2024-02-28 4.3 MEDIUM N/A
CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879.
CVE-2009-0229 1 Microsoft 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more 2024-02-28 4.9 MEDIUM N/A
The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
CVE-2009-2042 1 Libpng 1 Libpng 2024-02-28 4.3 MEDIUM N/A
libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.
CVE-2008-4593 1 Apple 1 Iphone 2024-02-28 1.2 LOW N/A
Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device screen, aka Apple bug number 6267416.
CVE-2008-2864 1 Elinestudio 1 Site Composer 2024-02-28 5.0 MEDIUM N/A
eLineStudio Site Composer (ESC) 2.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) trigger.asp or (2) common2.asp in cms/include/, which reveals the database path.
CVE-2009-3946 1 Joomla 1 Joomla\! 2024-02-28 5.0 MEDIUM N/A
Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request.
CVE-2008-0995 1 Apple 2 Mac Os X, Mac Os X Server 2024-02-28 2.6 LOW N/A
The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods.
CVE-2008-2937 1 Postfix 1 Postfix 2024-02-28 1.9 LOW N/A
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
CVE-2008-4033 1 Microsoft 13 Expression Web, Groove, Office and 10 more 2024-02-28 4.3 MEDIUM N/A
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
CVE-2008-3644 1 Apple 1 Safari 2024-02-28 1.9 LOW N/A
Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.
CVE-2009-0612 1 Trendmicro 2 Interscan Web Security Suite, Interscan Web Security Virtual Appliance 2024-02-28 4.3 MEDIUM N/A
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header.
CVE-2008-5099 1 Sun 1 Logical Domain Manager 2024-02-28 4.6 MEDIUM N/A
Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0.3 displays the value of the OpenBoot PROM (OBP) security-password variable in cleartext, which allows local users to bypass the SPARC firmware's password protection, and gain privileges or obtain data access, via the "ldm ls -l" command, a different vulnerability than CVE-2008-4992.