Total: 9537 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3114 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. | |||||
| CVE-2009-4236 | 1 Ec-cube | 1 Ec-cube Ver2 | 2025-04-09 | 5.0 MEDIUM | N/A |
| The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions. | |||||
| CVE-2009-4326 | 1 Ibm | 1 Db2 | 2025-04-09 | 4.3 MEDIUM | N/A |
| The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value. | |||||
| CVE-2008-3644 | 1 Apple | 1 Safari | 2025-04-09 | 1.9 LOW | N/A |
| Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache. | |||||
| CVE-2008-5683 | 1 Opera | 1 Opera Browser | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors. | |||||
| CVE-2009-4109 | 1 Dotnetnuke | 1 Dotnetnuke | 2025-04-09 | 5.0 MEDIUM | N/A |
| The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information. | |||||
| CVE-2007-6197 | 1 Bea | 1 Aqualogic Interaction | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page. | |||||
| CVE-2008-4170 | 1 Oscommerce | 1 Oscommerce | 2025-04-09 | 5.0 MEDIUM | N/A |
| create_account.php in osCommerce 2.2 RC 2a allows remote attackers to obtain sensitive information via an invalid dob parameter, which reveals the installation path in an error message. | |||||
| CVE-2006-5725 | 1 Aep Networks | 1 Smartgate Ssl Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| The SSL server in AEP Smartgate 4.3b allows remote attackers to determine existence of directories via a direct request for a directory URI, which returns different HTTP status codes for existing and non-existing directories. | |||||
| CVE-2007-5129 | 1 Boesch-it | 1 Simpgb | 2025-04-09 | 5.0 MEDIUM | N/A |
| SimpGB 1.46.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain sensitive configuration information via a direct request for admin/cfginfo.php; and (2) download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc. | |||||
| CVE-2008-0136 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-09 | 5.0 MEDIUM | N/A |
| Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive information via a direct request to forum/whereami.asp, which reveals the database path. | |||||
| CVE-2009-0358 | 1 Mozilla | 1 Firefox | 2025-04-09 | 3.3 LOW | N/A |
| Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request. | |||||
| CVE-2008-4820 | 2 Adobe, Microsoft | 2 Flash Player, Windows | 2025-04-09 | 7.1 HIGH | N/A |
| Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player 9.0.124.0 and earlier on Windows allows attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2008-7146 | 1 Intralearn | 1 Intralearn | 2025-04-09 | 5.0 MEDIUM | N/A |
| IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allows remote attackers to obtain sensitive information via a direct request to (1) Knowledge_Impact_Course.htm, (2) LRN-formatted_Course.htm, or (3) Create_Course.htm in help/1/Instructor/, which reveals the installation path in an error message. | |||||
| CVE-2009-4322 | 1 Zen-cart | 1 Zen Cart | 2025-04-09 | 5.0 MEDIUM | N/A |
| extras/ipn_test_return.php in Zen Cart allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | |||||
| CVE-2008-5107 | 1 Citrix | 2 Desktop Server, Presentation Server | 2025-04-09 | 1.9 LOW | N/A |
| The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files. | |||||
| CVE-2009-0437 | 2 Ibm, Microsoft | 2 Websphere Application Server, Windows | 2025-04-09 | 1.9 LOW | N/A |
| The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file. | |||||
| CVE-2008-2318 | 1 Apple | 2 Xcode, Xcode Tools | 2025-04-09 | 5.0 MEDIUM | N/A |
| The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs. | |||||
| CVE-2007-5432 | 1 Scottmanktelow | 1 Stride Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Stride 1.0 has a default administrator username of "scott" with the password "running", which allows remote attackers to obtain administrative access through login.php. | |||||
| CVE-2009-1293 | 1 Novell | 1 Teaming | 2025-04-09 | 5.0 MEDIUM | N/A |
| The web login functionality (c/portal/login) in Novell Teaming 1.0 through SP3 (1.0.3) generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames. | |||||
