ReportizFlow
Filtered by vendor
Subscriptions
Total
10197 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4617 | 1 Jahia | 1 Jahia Xcm | 2025-04-11 | N/A |
| Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | ||||
| CVE-2013-1402 | 1 Digitiliti | 1 Digilibe | 2025-04-11 | N/A |
| DigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/general_configuration.html. | ||||
| CVE-2011-0291 | 1 Blackberry | 1 Blackberry Tablet Os | 2025-04-11 | N/A |
| The BlackBerry PlayBook service on the Research In Motion (RIM) BlackBerry PlayBook tablet with software before 1.0.8.6067 allows local users to gain privileges via a crafted configuration file in a backup archive. | ||||
| CVE-2013-4628 | 1 Huawei | 3 Quidway Service Process Unit Board S7700, Quidway Service Process Unit Board S9300, Quidway Service Process Unit Board S9700 | 2025-04-11 | N/A |
| The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information from the high-priority security zone by leveraging access to the low-priority security zone. | ||||
| CVE-2010-5187 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | N/A |
| SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running on servers with certain configurations, allows remote attackers to obtain sensitive information via a direct request to PHP files in the (1) sapphire, (2) cms, or (3) mysite folders, which reveals the installation path in an error message. | ||||
| CVE-2013-5995 | 1 Lockon | 1 Ec-cube | 2025-04-11 | N/A |
| data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses. | ||||
| CVE-2013-5994 | 1 Lockon | 1 Ec-cube | 2025-04-11 | N/A |
| data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | ||||
| CVE-2010-4525 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Virtualization | 2025-04-11 | N/A |
| Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via unspecified vectors. | ||||
| CVE-2010-3886 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | N/A |
| The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application. | ||||
| CVE-2011-3793 | 1 Lucidcrew | 1 Pixie | 2025-04-11 | N/A |
| Pixie 1.04 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/modules/static.php and certain other files. | ||||
| CVE-2011-3792 | 1 Pixelpost | 1 Pixelpost | 2025-04-11 | N/A |
| Pixelpost 1.7.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/functions_feeds.php and certain other files. | ||||
| CVE-2010-2538 | 3 Canonical, Linux, Suse | 5 Ubuntu Linux, Linux Kernel, Linux Enterprise Desktop and 2 more | 2025-04-11 | 5.5 Medium |
| Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call. | ||||
| CVE-2011-3822 | 1 Xoops | 1 Xoops | 2025-04-11 | N/A |
| XOOPS 2.5.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/system/xoops_version.php and certain other files. | ||||
| CVE-2011-3790 | 1 Piwigo | 1 Piwigo | 2025-04-11 | N/A |
| Piwigo 2.1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/metadata.php and certain other files. | ||||
| CVE-2011-3788 | 1 Phpsec | 1 Phpsecinfo | 2025-04-11 | N/A |
| PhpSecInfo 0.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Test/Test_Suhosin.php and certain other files. | ||||
| CVE-2011-3787 | 1 Nick Korbel | 1 Phpscheduleit | 2025-04-11 | N/A |
| phpScheduleIt 1.2.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/schedule.template.php and certain other files. | ||||
| CVE-2010-1851 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site data leakage" issue. | ||||
| CVE-2011-3786 | 1 Phprojekt | 1 Phprojekt | 2025-04-11 | N/A |
| PHProjekt 6.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Setup/Controllers/IndexController.php. | ||||
| CVE-2011-3785 | 1 Phppointofsale | 1 Php Point Of Sale | 2025-04-11 | N/A |
| PHP Point Of Sale (POS) 10.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files. | ||||
| CVE-2011-3783 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-11 | N/A |
| phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files. | ||||