Export limit exceeded: 10826 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10826 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-2326 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when addNode -trace is used during node federation, allows attackers to obtain sensitive information about CIMMetadataCollectorImpl trace actions by reading the addNode.log file.
CVE-2011-3126 1 Wordpress 1 Wordpress 2025-04-11 N/A
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attackers to determine usernames of non-authors via canonical redirects.
CVE-2012-3886 1 Airdroid 1 Airdroid 2025-04-11 N/A
AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireless network and then conducting a (1) brute-force attack or (2) rainbow-table attack.
CVE-2013-6419 2 Openstack, Redhat 2 Havana, Openstack 2025-04-11 N/A
Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron.
CVE-2012-6097 1 Fedorahosted 1 Cronie 2025-04-11 N/A
File descriptor leak in cronie 1.4.8, when running in certain environments, might allow local users to read restricted files, as demonstrated by reading /etc/crontab.
CVE-2011-3718 1 Cmsmadesimple 1 Cms Made Simple 2025-04-11 N/A
CMS Made Simple (CMSMS) 1.9.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/TinyMCE/TinyMCE.module.php and certain other files. NOTE: this might overlap CVE-2007-5444.
CVE-2010-1914 1 Php 1 Php 2025-04-11 N/A
The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the convert_to_long_base function.
CVE-2011-2707 1 Linux 1 Linux Kernel 2025-04-11 6.0 Medium
The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request.
CVE-2011-3717 1 Clip-bucket 1 Clipbucket 2025-04-11 N/A
ClipBucket 2.0.9 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/signup_captcha/signup_captcha.php and certain other files.
CVE-2010-2333 1 Litespeedtech 1 Litespeed Web Server 2025-04-11 N/A
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
CVE-2011-2737 1 Rsa 1 Envision 2025-04-11 N/A
RSA enVision 3.x and 4.x before 4 SP4 P3 allows remote attackers to read arbitrary files via unspecified vectors, related to an "arbitrary file retrieval vulnerability."
CVE-2012-5180 1 Opera 2 Opera Mini, Opera Mobile 2025-04-11 N/A
The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.
CVE-2013-5490 1 Cisco 1 Prime Data Center Network Manager 2025-04-11 N/A
Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148.
CVE-2013-1231 1 Cisco 2 Webex Meetings Server, Webex Node For Mcs 2025-04-11 N/A
The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629.
CVE-2013-5454 1 Ibm 1 Websphere Portal 2025-04-11 N/A
IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL.
CVE-2013-5453 1 Ibm 1 Security Appscan 2025-04-11 N/A
IBM Security AppScan Enterprise 5.6 through 8.7.0.1 allows remote authenticated users to read arbitrary report files by leveraging knowledge of filenames that cannot be easily predicted.
CVE-2013-5452 1 Ibm 1 Filenet Business Process Framework 2025-04-11 N/A
IBM FileNet Business Process Framework 4.1.0 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2012-1464 1 Netmechanica 1 Netdecision 2025-04-11 N/A
Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the installation path via a request with a trailing "?" character, which causes Dashboard to attempt to access a non-existent resource. NOTE: some of these details are obtained from third party information.
CVE-2011-3502 1 Cogentdatahub 1 Cogent Datahub 2025-04-11 N/A
The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot).
CVE-2012-5916 1 Neocrome 1 Seditio 2025-04-11 N/A
Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct request to (1) docs/new/seditio-createnew-160.sql, (2) docs/upgrade/sedito_convert_to_utf8.optional.sql, or (3) system/install/install.parser.sql.