Total
9656 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-3732 | 1 Eggblog | 1 Eggblog | 2025-04-11 | N/A |
| eggBlog 4.1.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by _lib/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php and certain other files. | ||||
| CVE-2011-3734 | 1 Energine | 1 Energine | 2025-04-11 | N/A |
| Energine 2.3.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/framework/SimpleBuilder.class.php and certain other files. | ||||
| CVE-2011-3743 | 1 Hesk | 1 Hesk | 2025-04-11 | N/A |
| Hesk 2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/footer.inc.php and certain other files. | ||||
| CVE-2011-3745 | 1 Hycus | 1 Hycus Cms | 2025-04-11 | N/A |
| HycusCMS 1.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/hycus_template/template.php. | ||||
| CVE-2011-3753 | 1 Linpha | 1 Linpha | 2025-04-11 | N/A |
| LinPHA 1.3.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewer.php and certain other files. | ||||
| CVE-2011-3756 | 1 Microblog | 1 Microblog | 2025-04-11 | N/A |
| MicroBlog 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by init.php and certain other files. | ||||
| CVE-2011-3759 | 1 Mybb | 1 Mybb | 2025-04-11 | N/A |
| MyBB (aka MyBulletinBoard) 1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/3rdparty/diff/Diff/ThreeWay.php and certain other files. | ||||
| CVE-2011-3763 | 1 Opencart | 1 Opencart | 2025-04-11 | N/A |
| OpenCart 1.4.9.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/startup.php and certain other files. | ||||
| CVE-2011-3775 | 1 Litoweb | 1 Phpfilenavigator | 2025-04-11 | N/A |
| PHPfileNavigator 2.3.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xestion/varios/logs.inc.php and certain other files. | ||||
| CVE-2011-3792 | 1 Pixelpost | 1 Pixelpost | 2025-04-11 | N/A |
| Pixelpost 1.7.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/functions_feeds.php and certain other files. | ||||
| CVE-2011-3799 | 1 Elazos | 1 Reos | 2025-04-11 | N/A |
| ReOS 2.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by padmin/blocks/vergal.php and certain other files. | ||||
| CVE-2011-3801 | 1 Simpletest | 1 Simpletest | 2025-04-11 | N/A |
| SimpleTest 1.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test/visual_test.php and certain other files. | ||||
| CVE-2011-4143 | 1 Rsa | 1 Envision | 2025-04-11 | N/A |
| EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors. | ||||
| CVE-2011-3813 | 1 Vwar | 1 Virtual War | 2025-04-11 | N/A |
| Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/language/dutch.inc.php and certain other files. | ||||
| CVE-2011-3824 | 1 Yourls | 1 Yourls | 2025-04-11 | N/A |
| Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/auth.php and certain other files. | ||||
| CVE-2011-3829 | 1 Sitracker | 1 Support Incident Tracker | 2025-04-11 | N/A |
| ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message. | ||||
| CVE-2011-4283 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml. | ||||
| CVE-2010-3327 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2025-04-11 | N/A |
| The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability." | ||||
| CVE-2010-3330 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2025-04-11 | 6.5 Medium |
| Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability." | ||||
| CVE-2011-0737 | 1 Adobe | 1 Coldfusion | 2025-04-11 | 5.3 Medium |
| Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure | ||||