Search Results (10813 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-3758 1 Moundlabs 1 \ 2025-04-11 N/A
::mound:: 2.1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/smarty/libs/sysplugins/smarty_internal_template.php and certain other files.
CVE-2010-0214 1 Polyvision 2 Roomwizard, Roomwizard Firmware 2025-04-11 N/A
The administrative interface on the PolyVision RoomWizard with firmware 3.2.3 places the Sync Connector Active Directory (AD) credentials in a web form that is accessed over HTTP on port 80, which allows remote attackers to obtain sensitive information by reading the HTML source code corresponding to the /admin/sign/DeviceSynch URI.
CVE-2011-3728 1 Boonex 1 Dolphin 2025-04-11 N/A
Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files.
CVE-2013-4569 1 Mediawiki 1 Mediawiki 2025-04-11 N/A
The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote attackers to obtain sensitive information (revision-deleted IPs) via the Recent Changes page.
CVE-2011-1103 1 F-secure 1 Policy Manager 2025-04-11 N/A
The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information via a request to an invalid report, which reveals the installation path in an error message, as demonstrated with requests to (1) report/infection-table.html or (2) report/productsummary-table.html.
CVE-2011-3727 1 Dokuwiki 1 Dokuwiki 2025-04-11 N/A
DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files.
CVE-2011-3771 1 Gnu 1 Phpbook 2025-04-11 N/A
phpBook 2.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by doc/update_smilies_1.50-1.60.php and certain other files.
CVE-2013-0212 3 Canonical, Openstack, Redhat 3 Ubuntu Linux, Image Registry And Delivery Service \(glance\), Openstack 2025-04-11 N/A
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.
CVE-2013-0218 1 Redhat 2 Jboss Enterprise Application Platform, Jboss Enterprise Web Platform 2025-04-11 N/A
The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file.
CVE-2011-1131 1 Simplemachines 1 Smf 2025-04-11 N/A
The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, uses certain cached data in a situation where a temporary table has been created, even though this cached data is intended only for situations where a temporary table has not been created, which might allow remote attackers to obtain sensitive information via a search.
CVE-2011-1310 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially sensitive information by reading these files.
CVE-2012-4208 4 Canonical, Mozilla, Opensuse and 1 more 8 Ubuntu Linux, Firefox, Seamonkey and 5 more 2025-04-11 N/A
The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site.
CVE-2010-4563 1 Linux 1 Linux Kernel 2025-04-11 N/A
The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
CVE-2011-1502 1 Liferay 1 Liferay Portal 2025-04-11 N/A
Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
CVE-2012-0130 1 Hp 1 Onboard Administrator 2025-04-11 N/A
HP Onboard Administrator (OA) before 3.50 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2010-2982 1 Cisco 1 Unified Wireless Network Solution Software 2025-04-11 N/A
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to discover a group password via a series of SNMP requests, as demonstrated by an SNMP walk, aka Bug ID CSCtb74037.
CVE-2011-3723 1 Craftysyntax 1 Crafty Syntax 2025-04-11 N/A
Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by README_FILES/livehelp.php and certain other files.
CVE-2010-2975 1 Cisco 1 Unified Wireless Network Solution Software 2025-04-11 N/A
Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate attackers to read a password, related to an "arrow key failure," aka Bug ID CSCtg51544.
CVE-2010-0042 2 Apple, Microsoft 2 Safari, Windows 2025-04-11 N/A
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.
CVE-2010-4401 1 Dynpg 1 Dynpg 2025-04-11 N/A
languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.