Search Results (10728 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1208 2 Apple, Filemaker 2 Mac Os X, Filemaker 2025-04-12 N/A
The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors.
CVE-2014-8735 1 Bad Behavior Project 1 Bad Behavior 2025-04-12 N/A
The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file.
CVE-2014-5094 1 Status2k 1 Status2k 2025-04-12 N/A
Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function.
CVE-2016-1225 1 Trendmicro 1 Internet Security 2025-04-12 N/A
Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2014-8105 2 Fedoraproject, Redhat 3 389 Directory Server, Fedora, Enterprise Linux 2025-04-12 N/A
389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.
CVE-2014-4980 1 Tenable 2 Nessus, Web Ui 2025-04-12 N/A
The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter.
CVE-2014-8832 1 Apple 1 Mac Os X 2025-04-12 N/A
The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive.
CVE-2014-4974 1 Eset 1 Personal Firewall Ndis Filter 2025-04-12 N/A
The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls.
CVE-2014-9225 2 Broadcom, Symantec 2 Symantec Critical System Protection, Data Center Security 2025-04-12 N/A
The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.
CVE-2014-9250 1 Zenoss 1 Zenoss Core 2025-04-12 N/A
Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via script access to this cookie, aka ZEN-10418.
CVE-2016-1321 1 Cisco 1 Universal Small Cell Firmware 2025-04-12 N/A
Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco server, aka Bug ID CSCut98082.
CVE-2015-6485 1 Schneider-electric 8 Sage 1410, Sage 1430, Sage 1450 and 5 more 2025-04-12 N/A
Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, allow remote attackers to obtain sensitive information from device memory by reading a padding field of an Ethernet packet.
CVE-2015-1729 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
CVE-2013-6493 1 Redhat 2 Enterprise Linux, Icedtea-web 2025-04-12 N/A
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.
CVE-2014-9361 1 Logintoboggan Project 1 Logintoboggan 2025-04-12 N/A
The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain privileges and possibly obtain sensitive information by accessing a Page Not Found (404) page.
CVE-2014-4875 1 Toshiba 1 Chec 2025-04-12 N/A
CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access.
CVE-2016-1785 1 Apple 2 Iphone Os, Safari 2025-04-12 N/A
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
CVE-2015-4212 1 Cisco 1 Webex Meeting Center 2025-04-12 N/A
Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466.
CVE-2015-1097 1 Apple 2 Iphone Os, Tvos 2025-04-12 N/A
IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
CVE-2015-1901 1 Ibm 1 Infosphere Information Server 2025-04-12 N/A
The installer in IBM InfoSphere Information Server 8.5 through 11.3 before 11.3.1.2 allows local users to obtain sensitive information via unspecified commands.