Search Results (10719 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5934 1 Pear 1 Structures Datagrid Datasource Mdb2 2026-04-23 N/A
The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site.
CVE-2008-1318 1 Mediawiki 1 Mediawiki 2026-04-23 N/A
Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results.
CVE-2007-2402 1 Apple 1 Quicktime 2026-04-23 N/A
QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets.
CVE-2008-0938 1 Sun 1 Solaris 2026-04-23 N/A
Unspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability than CVE-2007-4126.
CVE-2007-5922 2 Bitchx, Cypress 2 Bitchx, Cypress 2026-04-23 N/A
The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed address.
CVE-2008-5099 1 Sun 1 Logical Domain Manager 2026-04-23 N/A
Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0.3 displays the value of the OpenBoot PROM (OBP) security-password variable in cleartext, which allows local users to bypass the SPARC firmware's password protection, and gain privileges or obtain data access, via the "ldm ls -l" command, a different vulnerability than CVE-2008-4992.
CVE-2007-1237 1 Bj Sintay 1 Sitex 2026-04-23 N/A
sitex allows remote attackers to obtain potentially sensitive information via a ' (quote) value for certain parameters, as demonstrated by parameters used in forum and search, which forces a SQL error.
CVE-2008-5096 1 Typo3 2 File List Extension, Typo3 2026-04-23 N/A
Unspecified vulnerability in the TYPO3 File List (file_list) extension 0.2.1 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors.
CVE-2008-3094 1 Organic Groups Project 1 Organic Groups 2026-04-23 N/A
The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors.
CVE-2007-5899 2 Php, Redhat 3 Php, Enterprise Linux, Rhel Application Stack 2026-04-23 N/A
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.
CVE-2008-4695 1 Opera 1 Opera 2026-04-23 N/A
Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context.
CVE-2008-2432 1 Novell 1 Iprint 2026-04-23 N/A
Insecure method vulnerability in the GetFileList method in an unspecified ActiveX control in Novell iPrint Client before 5.06 allows remote attackers to list the image files in an arbitrary directory via a directory name in the argument.
CVE-2007-6408 1 Ibm 1 Tivoli Provisioning Manager Express 2026-04-23 N/A
IBM Tivoli Provisioning Manager Express provides unspecified information in error messages when (1) attempted duplication of a username occurs when creating an account or (2) when trying to login using a valid username, which makes it easier for remote attackers to enumerate usernames.
CVE-2008-5107 1 Citrix 2 Desktop Server, Presentation Server 2026-04-23 N/A
The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files.
CVE-2008-4721 1 Php Jabbers 1 Post Comment 2026-04-23 N/A
PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged."
CVE-2008-3171 1 Apple 1 Safari 2026-04-23 N/A
Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
CVE-2009-4612 1 Mortbay 1 Jetty 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP Snoop page in Mort Bay Jetty 6.1.x through 6.1.21 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) jspsnoop/, (2) jspsnoop/ERROR/, and (3) jspsnoop/IOException/, and possibly the PATH_INFO to (4) snoop.jsp.
CVE-2008-5461 1 Oracle 1 Bea Product Suite 2026-04-23 N/A
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is cross-site scripting.
CVE-2009-0143 1 Apple 1 Itunes 2026-04-23 N/A
Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.
CVE-2008-0993 1 Apple 3 Mac Os X, Mac Os X Server, Podcast Producer 2026-04-23 N/A
Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings.