Search Results (10712 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-1892 1 Microsoft 10 Forms Server, Groove, Groove Data Bridge Server and 7 more 2025-04-11 N/A
Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
CVE-2011-4894 1 Tor 1 Tor 2025-04-11 N/A
Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which makes it easier for remote attackers to enumerate bridges by observing DirPort connections.
CVE-2011-3817 1 Websitebaker2 1 Website Baker 2025-04-11 N/A
Website Baker 2.8.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/media/parameters.php and certain other files. NOTE: this might overlap CVE-2005-2436.
CVE-2011-4457 1 Owasp-java-html-sanitizer Project 1 Owasp-java-html-sanitizer 2025-04-11 N/A
OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.
CVE-2012-1579 1 Mediawiki 1 Mediawiki 2025-04-11 N/A
The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information.
CVE-2011-4497 1 Asus 2 Rt-n56u, Rt-n56u Firmware 2025-04-11 N/A
QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request.
CVE-2011-3816 1 Webinsta 1 Mailing List Manager 2025-04-11 N/A
WEBinsta mailing list manager 1.3e allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/install3.php and certain other files.
CVE-2011-3813 1 Vwar 1 Virtual War 2025-04-11 N/A
Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/language/dutch.inc.php and certain other files.
CVE-2011-3808 1 Thebuggenie 1 The Bug Genie 2025-04-11 N/A
The Bug Genie 2.1.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/svn_integration/config.inc.php and certain other files.
CVE-2013-3959 1 Siemens 2 Simatic Pcs7, Wincc 2025-04-11 N/A
The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted URL parameters.
CVE-2011-3807 1 Textpattern 1 Textpattern 2025-04-11 N/A
Textpattern 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/txplib_db.php and certain other files.
CVE-2011-4759 1 Parallels 1 Parallels Plesk Small Business Panel 2025-04-11 N/A
Parallels Plesk Small Business Panel 10.2.0 generates web pages containing external links in response to GET requests with query strings for client@1/domain@1/hosting/file-manager/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.
CVE-2012-4832 1 Ibm 2 Infosphere Business Glossary, Infosphere Information Server 2025-04-11 N/A
Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for the password field on the login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
CVE-2013-6237 1 Islonline 2 Isl Desktop Plugin, Isl Light 2025-04-11 N/A
The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 and earlier allows remote authenticated users to obtain sensitive information by pasting the clipboard contents that have been copied by another user in the session.
CVE-2013-6672 7 Canonical, Fedoraproject, Linux and 4 more 10 Ubuntu Linux, Fedora, Linux Kernel and 7 more 2025-04-11 N/A
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations.
CVE-2013-6709 1 Cisco 1 Webex Training Center 2025-04-11 N/A
The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111.
CVE-2013-6953 1 Dotnetblogengine 1 Blogengine.net 2025-04-11 N/A
BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file.
CVE-2013-6968 1 Cisco 1 Webex Training Center 2025-04-11 N/A
Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a series of requests, aka Bug ID CSCul36003.
CVE-2010-3886 1 Microsoft 1 Internet Explorer 2025-04-11 N/A
The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application.
CVE-2013-7224 1 Fatfreecrm 1 Fat Free Crm 2025-04-11 N/A
Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json.