Export limit exceeded: 365171 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10766 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-0549 1 Xerox 2 Workcentre 6400 Net Controller, Workcentre 6400 System Software 2025-04-11 N/A
Unspecified vulnerability in the Network Controller in Xerox WorkCentre 6400 System Software 060.070.109.11407 through 060.070.109.29510, and Net Controller 060.079.11410 through 060.079.29310, allows remote attackers to access "directory structure" via a crafted PostScript file, aka "Unauthorized Directory Structure Access Vulnerability."
CVE-2011-5126 1 Bluecoat 1 Sgos 2025-04-11 N/A
Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 writes the secure heap to core images, which allows context-dependent attackers to obtain sensitive authentication information by leveraging read access to a downloaded core file.
CVE-2010-1138 2 Microsoft, Vmware 6 Windows, Ace, Fusion and 3 more 2025-04-11 N/A
The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process.
CVE-2011-2042 1 Cisco 1 Ciscoworks Common Services 2025-04-11 N/A
The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018.
CVE-2010-4760 1 Otrs 1 Otrs 2025-04-11 N/A
Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket.
CVE-2011-3265 1 Zabbix 1 Zabbix 2025-04-11 N/A
popup.php in Zabbix before 1.8.7 allows remote attackers to read the contents of arbitrary database tables via a modified srctbl parameter.
CVE-2011-2081 1 Inventivetec 1 Mediacast 2025-04-11 N/A
MediaCAST 8 and earlier does not properly handle requests for inventivex/isptools/release/metadata/globalIncludeFolders.txt, which allows remote attackers to obtain sensitive information via unspecified vectors related to the Public/ directory tree.
CVE-2012-0328 1 Janetter 1 Janetter 2025-04-11 N/A
Janetter before 3.3.0.0 (aka 3.3.0) allows remote attackers to obtain session information for twitter.com web sites via unspecified vectors.
CVE-2010-0385 1 Tor 1 Tor 2025-04-11 N/A
Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functioning as a bridge directory authority, allows remote attackers to obtain sensitive information about bridge identities and bridge descriptors via a dbg-stability.txt directory query.
CVE-2012-4846 1 Ibm 1 Lotus Notes 2025-04-11 N/A
IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68.
CVE-2011-2076 1 Inventivetec 1 Mediacast 2025-04-11 N/A
MediaCAST 8 and earlier stores passwords in cleartext, which makes it easier for context-dependent attackers to obtain sensitive information by reading an unspecified password data store, a different vulnerability than CVE-2010-0216.
CVE-2010-3062 1 Php 1 Php 2025-04-11 N/A
mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function.
CVE-2012-4530 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-11 N/A
The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2008-7292 2 Microsoft, Mozilla 2 Windows, Bugzilla 2025-04-11 N/A
Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977.
CVE-2011-1074 1 Freebsd 1 Freebsd 2025-04-11 N/A
crontab.c in crontab in FreeBSD allows local users to determine the existence of arbitrary directories via a command-line argument composed of a directory name concatenated with a directory traversal sequence that leads to the /etc/crontab pathname.
CVE-2012-0837 1 Joomla 1 Joomla\! 2025-04-11 N/A
Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator."
CVE-2012-5055 2 Redhat, Vmware 2 Fuse Esb Enterprise, Springsource Spring Security 2025-04-11 N/A
DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.
CVE-2012-5890 2 Stanislas Rolland, Typo3 2 Sr Feuser Register, Typo3 2025-04-11 N/A
The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature.
CVE-2011-4897 1 Tor 1 Tor 2025-04-11 N/A
Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname configuration option, uses the local hostname as the Nickname value, which allows remote attackers to obtain potentially sensitive information by reading this value.
CVE-2011-4896 1 Tor 1 Tor 2025-04-11 N/A
Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridge port.