Total
7971 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3978 | 1 Spreecommerce | 1 Spree | 2018-10-10 | 5.0 MEDIUM | N/A |
| Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data using JavaScript Object Notation (JSON) without a mechanism for validating requests, which allows remote attackers to obtain sensitive information via vectors involving (1) admin/products.json, (2) admin/users.json, or (3) admin/overview/get_report_data, related to a "JSON hijacking" issue. | |||||
| CVE-2010-3014 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2018-10-10 | 1.2 LOW | N/A |
| The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read. | |||||
| CVE-2010-2989 | 1 Nessus | 2 Nessus, Web Server Plugin | 2018-10-10 | 5.0 MEDIUM | N/A |
| nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to obtain sensitive information via a request to the /feed method, which reveals the version in a response. | |||||
| CVE-2010-2859 | 1 Boesch-it | 1 Simpnews | 2018-10-10 | 5.0 MEDIUM | N/A |
| news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message. | |||||
| CVE-2010-1907 | 1 Consona | 3 Consona Dynamic Agent, Consona Live Assistance, Consona Subscriber Assistance | 2018-10-10 | 4.3 MEDIUM | N/A |
| The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory, via a call to the GetUserName method. | |||||
| CVE-2010-1126 | 1 Apple | 1 Webkit | 2018-10-10 | 5.8 MEDIUM | N/A |
| The JavaScript implementation in WebKit allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method. | |||||
| CVE-2010-1125 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-10 | 5.8 MEDIUM | N/A |
| The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method. | |||||
| CVE-2010-0790 | 1 Ncpfs | 1 Ncpfs | 2018-10-10 | 2.1 LOW | N/A |
| sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name. | |||||
| CVE-2010-0551 | 1 Geopp | 1 Geo\+\+ Gncaster | 2018-10-10 | 5.0 MEDIUM | N/A |
| HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to read authentication headers of other users via a large request with an incorrect authentication attempt, which includes sensitive memory in the response. NOTE: this is referred to as a "memory leak" by some sources, but is better characterized as "memory disclosure." | |||||
| CVE-2010-0119 | 2 Becauseinter, Freebsd | 2 Bournal, Freebsd | 2018-10-10 | 2.1 LOW | N/A |
| Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, places a ccrypt key on the command line, which allows local users to obtain sensitive information by listing the process and its arguments, related to "echoing." | |||||
| CVE-2010-0009 | 1 Apache | 1 Couchdb | 2018-10-10 | 4.3 MEDIUM | N/A |
| Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords. | |||||
| CVE-2009-5101 | 1 Pentaho | 1 Bi Server | 2018-10-10 | 5.0 MEDIUM | N/A |
| Pentaho BI Server 1.7.0.1062 and earlier includes the session ID (JSESSIONID) in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic. | |||||
| CVE-2009-5100 | 1 Pentaho | 1 Bi Server | 2018-10-10 | 2.1 LOW | N/A |
| Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete tag to off on web pages using a password field, which might allow physically proximate attackers to obtain the password. | |||||
| CVE-2009-4943 | 1 Impactsoftcompany | 1 Adpeeps | 2018-10-10 | 5.0 MEDIUM | N/A |
| index.php in AdPeeps 8.5d1 allows remote attackers to obtain sensitive information via (1) a view_adrates action with an invalid uid parameter, which reveals the installation path in an error message; or (2) an adminlogin action with a crafted uid parameter, which reveals the version number. | |||||
| CVE-2009-4844 | 1 Toutvirtual | 1 Virtualiq | 2018-10-10 | 5.0 MEDIUM | N/A |
| ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to the /status URI on port 9080, which allows remote attackers to obtain sensitive Tomcat information via a direct request. | |||||
| CVE-2009-4511 | 1 Vsecurity | 1 Tandberg Video Communication Server | 2018-10-10 | 4.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the web administration interface on the TANDBERG Video Communication Server (VCS) before X5.1 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to (1) helppage.php or (2) user/helppage.php. | |||||
| CVE-2009-4322 | 1 Zen-cart | 1 Zen Cart | 2018-10-10 | 5.0 MEDIUM | N/A |
| extras/ipn_test_return.php in Zen Cart allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | |||||
| CVE-2009-4175 | 2 Cutephp, Korn19 | 2 Cutenews, Utf-8 Cutenews | 2018-10-10 | 5.0 MEDIUM | N/A |
| CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to obtain sensitive information via an invalid date value in the from_date_day parameter to search.php, which reveals the installation path in an error message. | |||||
| CVE-2009-4170 | 2 Roytanck, Wordpress | 2 Wp-cumulus, Wordpress | 2018-10-10 | 5.0 MEDIUM | N/A |
| WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, allows remote attackers to obtain sensitive information via a crafted request to wp-cumulus.php, probably without parameters, which reveals the installation path in an error message. | |||||
| CVE-2009-3457 | 1 Cisco | 2 Ace Web Application Firewall, Ace Xml Gateway | 2018-10-10 | 5.0 MEDIUM | N/A |
| Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159. | |||||