Search Results (10722 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0474 1 Rockwellautomation 1 Controllogix 1756-enbt\/a Ethernet\/ Ip Bridge 2026-04-23 N/A
The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to obtain "internal web page information" and "internal information about the module" via unspecified vectors. NOTE: this may overlap CVE-2002-1603.
CVE-2009-0453 1 Onlinegrades 1 Online Grades 2026-04-23 N/A
Online Grades 3.2.4 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
CVE-2007-2552 1 Wikkawiki 1 Wikkawiki 2026-04-23 N/A
The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds.
CVE-2006-5229 2 Novell, Openbsd 2 Suse Linux, Openssh 2026-04-23 N/A
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.
CVE-2009-3946 1 Joomla 1 Joomla\! 2026-04-23 N/A
Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request.
CVE-2009-1556 1 Cisco 1 Wvc54gca 2026-04-23 N/A
img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the next_file parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerability than CVE-2004-2507.
CVE-2007-4655 1 Cgi-rescue 1 Shopping Basket Professional 2026-04-23 N/A
Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via directory traversal sequences in unspecified parameters to (1) list.cgi or (2) list2.cgi.
CVE-2009-0628 1 Cisco 1 Cisco Ios 2026-04-23 N/A
Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block (TCB) leak.
CVE-2009-4535 1 Valenok 1 Mongoose 2026-04-23 N/A
Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending a / (slash) character to the URI.
CVE-2009-4531 1 Jasper 1 Httpdx 2026-04-23 N/A
httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI.
CVE-2009-3951 2 Adobe, Microsoft 3 Adobe Air, Flash Player, Windows 2026-04-23 N/A
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.
CVE-2009-3883 2 Redhat, Sun 6 Enterprise Linux, Network Satellite, Rhel Extras and 3 more 2026-04-23 N/A
Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657138.
CVE-2008-2723 1 Menalto 1 Gallery 2026-04-23 N/A
embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the remote address."
CVE-2008-6537 1 Lightneasy 1 Lightneasy 2026-04-23 N/A
LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST.
CVE-2007-5473 2 Microsoft, Mono 2 Windows, Mono 2026-04-23 N/A
StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.
CVE-2007-4514 1 Hp 1 Procurve Manager 2026-04-23 N/A
Unspecified vulnerability in HP ProCurve Manager and HP ProCurve Manager Plus 2.3 and earlier allows remote attackers to obtain sensitive information from the ProCurve Manager server via unknown attack vectors.
CVE-2009-3815 1 Runcms 1 Runcms 2026-04-23 N/A
RunCMS 2M1, when running with certain error_reporting levels, allows remote attackers to obtain sensitive information via (1) the op[] parameter to modules/contact/index.php or (2) uid[] parameter to userinfo.php, which leaks the installation path in an error message when these parameters are used in a call to the preg_match function.
CVE-2009-2956 1 Ibm 1 Websphere Commerce Suite 2026-04-23 N/A
The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.
CVE-2008-4695 1 Opera 1 Opera 2026-04-23 N/A
Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context.
CVE-2007-5899 2 Php, Redhat 3 Php, Enterprise Linux, Rhel Application Stack 2026-04-23 N/A
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.