Total
9657 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-1246 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | N/A |
| Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which allows remote web servers to obtain sensitive information from a different (1) domain or (2) zone via a crafted response, aka "MIME Sniffing Information Disclosure Vulnerability." | ||||
| CVE-2013-3713 | 1 Opensuse | 1 Opensuse | 2025-04-11 | N/A |
| The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user to the "users" group when installing from a live image, which allows local users to obtain sensitive information and possibly have other unspecified impacts, as demonstrated by reading /etc/shadow. | ||||
| CVE-2011-1502 | 1 Liferay | 1 Liferay Portal | 2025-04-11 | N/A |
| Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue. | ||||
| CVE-2012-1348 | 1 Cisco | 1 Wide Area Application Services | 2025-04-11 | N/A |
| Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive information via a brute-force attack on the hash string, aka Bug ID CSCty17279. | ||||
| CVE-2012-5055 | 2 Redhat, Vmware | 2 Fuse Esb Enterprise, Springsource Spring Security | 2025-04-11 | N/A |
| DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests. | ||||
| CVE-2011-2081 | 1 Inventivetec | 1 Mediacast | 2025-04-11 | N/A |
| MediaCAST 8 and earlier does not properly handle requests for inventivex/isptools/release/metadata/globalIncludeFolders.txt, which allows remote attackers to obtain sensitive information via unspecified vectors related to the Public/ directory tree. | ||||
| CVE-2012-5516 | 1 Redhat | 2 Enterprise Virtualization Manager, Rhev Manager | 2025-04-11 | N/A |
| Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2013-1831 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message. | ||||
| CVE-2012-5509 | 2 Cloudforms Cloudengine, Redhat | 2 1, Cloudforms Cloud Engine | 2025-04-11 | N/A |
| aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file. | ||||
| CVE-2012-3519 | 1 Tor | 1 Tor | 2025-04-11 | N/A |
| routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack. | ||||
| CVE-2012-5615 | 3 Mariadb, Oracle, Redhat | 5 Mariadb, Mysql, Enterprise Linux and 2 more | 2025-04-11 | N/A |
| Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2011-3701 | 1 Alegrocart | 1 Alegrocart | 2025-04-11 | N/A |
| AlegroCart 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by common.php and certain other files. | ||||
| CVE-2011-3717 | 1 Clip-bucket | 1 Clipbucket | 2025-04-11 | N/A |
| ClipBucket 2.0.9 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/signup_captcha/signup_captcha.php and certain other files. | ||||
| CVE-2011-3719 | 1 Codeigniter | 1 Codeigniter | 2025-04-11 | N/A |
| CodeIgniter 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files. | ||||
| CVE-2011-3740 | 1 Frontaccounting | 1 Frontaccounting | 2025-04-11 | N/A |
| FrontAccounting 2.3.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by reporting/includes/fpdi/fpdi2tcpdf_bridge.php and certain other files. | ||||
| CVE-2011-3755 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | N/A |
| MantisBT 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by view_all_inc.php and certain other files. | ||||
| CVE-2011-3764 | 1 Opendocman | 1 Opendocman | 2025-04-11 | N/A |
| OpenDocMan 1.2.6-svn-2011-01-21 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by User_Perms_class.php and certain other files. | ||||
| CVE-2011-3774 | 1 Bishop Bettini | 1 Phpesp | 2025-04-11 | N/A |
| php Easy Survey Package (phpESP) 2.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/landing.php and certain other files. | ||||
| CVE-2011-3783 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-11 | N/A |
| phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files. | ||||
| CVE-2011-3785 | 1 Phppointofsale | 1 Php Point Of Sale | 2025-04-11 | N/A |
| PHP Point Of Sale (POS) 10.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files. | ||||