Total
7971 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3750 | 1 Kplaylist | 1 Kplaylist | 2012-03-12 | 5.0 MEDIUM | N/A |
| kPlaylist 1.8.502 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by getid3/getid3/write.id3v1.php and certain other files. | |||||
| CVE-2011-3738 | 1 Fengoffice | 1 Feng Office | 2012-03-12 | 5.0 MEDIUM | N/A |
| Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files. | |||||
| CVE-2011-3746 | 1 Jcow | 1 Jcow | 2012-03-12 | 5.0 MEDIUM | N/A |
| Jcow 4.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/page.tpl.php and certain other files. | |||||
| CVE-2011-3754 | 1 Mambo-foundation | 1 Mambo | 2012-03-12 | 5.0 MEDIUM | N/A |
| Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files. | |||||
| CVE-2011-3748 | 1 Kamads Classifieds | 1 2 B3 | 2012-03-12 | 5.0 MEDIUM | N/A |
| Kamads Classifieds 2_B3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by V2A_XHTML/style/view.php and certain other files. | |||||
| CVE-2011-3756 | 1 Microblog | 1 Microblog | 2012-03-12 | 5.0 MEDIUM | N/A |
| MicroBlog 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by init.php and certain other files. | |||||
| CVE-2011-3735 | 1 Escortwebsitedesign | 1 Escort-agency-cms | 2012-03-12 | 5.0 MEDIUM | N/A |
| Escort Agency CMS (aka escort-agency-cms) allows remote attackers to obtain sensitive information via crafted array parameters in a request to a .php file, which reveals the installation path in an error message, as demonstrated by makethumb.php and certain other files. | |||||
| CVE-2010-5068 | 1 Opera | 1 Opera Browser | 2012-03-08 | 4.3 MEDIUM | N/A |
| The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264. | |||||
| CVE-2011-3179 | 1 Novell | 2 Groupwise Messenger, Messenger | 2012-03-05 | 5.0 MEDIUM | N/A |
| The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and Novell GroupWise Messenger 2.04 and earlier, allows remote attackers to read from arbitrary memory locations via a crafted command. | |||||
| CVE-2011-4872 | 1 Htc | 9 Desire Hd, Desire S, Droid Incredible and 6 more | 2012-02-16 | 2.6 LOW | N/A |
| Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class. | |||||
| CVE-2011-3375 | 1 Apache | 1 Tomcat | 2012-02-16 | 5.0 MEDIUM | N/A |
| Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data. | |||||
| CVE-2011-2720 | 1 Glpi-project | 1 Glpi | 2012-02-16 | 5.0 MEDIUM | N/A |
| The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request. | |||||
| CVE-2011-3497 | 1 Measuresoft | 1 Scadapro | 2012-02-14 | 10.0 HIGH | N/A |
| service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method. | |||||
| CVE-2011-3163 | 1 Hp | 1 Multifunction Peripheral Digital Sending Software | 2012-02-14 | 1.2 LOW | N/A |
| HP MFP Digital Sending Software 4.9x through 4.91.21 allows local users to obtain sensitive workflow-metadata information via unspecified vectors. | |||||
| CVE-2011-5066 | 1 Ibm | 1 Websphere Application Server | 2012-02-08 | 2.1 LOW | N/A |
| The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to obtain sensitive information by reading the FFDC log file. | |||||
| CVE-2011-4143 | 1 Rsa | 1 Envision | 2012-02-06 | 5.0 MEDIUM | N/A |
| EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors. | |||||
| CVE-2011-3452 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-03 | 4.3 MEDIUM | N/A |
| Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network. | |||||
| CVE-2010-4562 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more | 2012-02-03 | 4.3 MEDIUM | N/A |
| Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652. | |||||
| CVE-2010-4563 | 1 Linux | 1 Linux Kernel | 2012-02-03 | 5.0 MEDIUM | N/A |
| The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. | |||||
| CVE-2011-3447 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-03 | 4.3 MEDIUM | N/A |
| CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL. | |||||