ReportizFlow
Filtered by vendor
Subscriptions
Total
10197 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3544 | 1 Xerver | 1 Xerver | 2025-04-09 | N/A |
| Xerver HTTP Server 4.32 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name. | ||||
| CVE-2009-3628 | 1 Typo3 | 1 Typo3 | 2025-04-09 | N/A |
| The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element. | ||||
| CVE-2008-1270 | 1 Lighttpd | 1 Lighttpd | 2025-04-09 | N/A |
| mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory. | ||||
| CVE-2007-4669 | 1 Firebirdsql | 1 Firebird | 2025-04-09 | N/A |
| The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148. | ||||
| CVE-2007-1564 | 2 Kde, Redhat | 2 Konqueror, Enterprise Linux | 2025-04-09 | N/A |
| The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | ||||
| CVE-2007-2253 | 1 Exponent | 1 Exponent Cms | 2025-04-09 | N/A |
| Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php. | ||||
| CVE-2007-4514 | 1 Hp | 1 Procurve Manager | 2025-04-09 | N/A |
| Unspecified vulnerability in HP ProCurve Manager and HP ProCurve Manager Plus 2.3 and earlier allows remote attackers to obtain sensitive information from the ProCurve Manager server via unknown attack vectors. | ||||
| CVE-2009-0123 | 2 Apple, Microsoft | 3 Mac Os X, Safari, Windows | 2025-04-09 | N/A |
| Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2008-1924 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable. | ||||
| CVE-2008-2681 | 1 Realm Project | 1 Realm Cms | 2025-04-09 | N/A |
| Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive information via a direct request to _db/compact.asp, which reveals the database path in an error message. | ||||
| CVE-2008-4113 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2025-04-09 | N/A |
| The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function. | ||||
| CVE-2008-2246 | 1 Microsoft | 2 Windows-nt, Windows Vista | 2025-04-09 | N/A |
| Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions. | ||||
| CVE-2007-5011 | 1 Wilson Windowware | 1 Webbatch | 2025-04-09 | N/A |
| webbatch.exe in WebBatch allows remote attackers to obtain sensitive information via the dumpinputdata parameter. | ||||
| CVE-2008-2747 | 2 Microsoft, No-ip | 2 Windows, Dynamic Update Client | 2025-04-09 | N/A |
| No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values. | ||||
| CVE-2008-2318 | 1 Apple | 2 Xcode, Xcode Tools | 2025-04-09 | N/A |
| The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs. | ||||
| CVE-2008-0136 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-09 | N/A |
| Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive information via a direct request to forum/whereami.asp, which reveals the database path. | ||||
| CVE-2008-0636 | 1 Level Platforms | 1 Managed Workplace Service Center | 2025-04-09 | N/A |
| Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x and 6.x allows remote attackers to obtain sensitive information via a direct request to About/SC_About.htm, which provides version and patch information. | ||||
| CVE-2008-0736 | 1 Shoppingtree | 1 Candypress Store | 2025-04-09 | N/A |
| admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly other 4.x and 3.x versions, allows remote attackers to obtain the path via a certain value of the FedExAccount parameter. | ||||
| CVE-2008-0904 | 1 Bea Systems | 2 Aqualogic Interaction, Plumtree Collaboration | 2025-04-09 | N/A |
| Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL. | ||||
| CVE-2008-0994 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods. | ||||