Export limit exceeded: 10636 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10636 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-5180 | 1 Opera | 2 Opera Mini, Opera Mobile | 2025-04-11 | N/A |
| The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. | ||||
| CVE-2011-3767 | 1 Oscommerce | 1 Oscommerce | 2025-04-11 | N/A |
| osCommerce 3.0a5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by redirect.php. | ||||
| CVE-2011-3768 | 1 Phorum | 1 Phorum | 2025-04-11 | N/A |
| Phorum 5.2.15a allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by css.php and certain other files. | ||||
| CVE-2010-1852 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | N/A |
| Microsoft Internet Explorer, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site data leakage" issue. | ||||
| CVE-2012-3798 | 2 Bryce Hamrick, Drupal | 2 Janrain Capture, Drupal | 2025-04-11 | N/A |
| The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks. | ||||
| CVE-2012-4403 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response. | ||||
| CVE-2011-3769 | 1 Blondish | 1 Phpads | 2025-04-11 | N/A |
| PHPads 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by ads.inc.php. | ||||
| CVE-2010-1851 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site data leakage" issue. | ||||
| CVE-2011-3771 | 1 Gnu | 1 Phpbook | 2025-04-11 | N/A |
| phpBook 2.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by doc/update_smilies_1.50-1.60.php and certain other files. | ||||
| CVE-2012-4407 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files, which allows remote attackers to obtain sensitive information by reading a blog entry that references a non-public file. | ||||
| CVE-2012-5172 | 1 Asial | 1 Monaca Debugger | 2025-04-11 | N/A |
| The Asial Monaca Debugger application before 1.4.2 for Android allows remote attackers to obtain sensitive (1) account or (2) session ID information in a system log file via a crafted application. | ||||
| CVE-2009-5101 | 1 Pentaho | 1 Bi Server | 2025-04-11 | N/A |
| Pentaho BI Server 1.7.0.1062 and earlier includes the session ID (JSESSIONID) in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic. | ||||
| CVE-2011-4751 | 1 Smartertools | 1 Smarterstats | 2025-04-11 | N/A |
| SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. | ||||
| CVE-2009-5117 | 1 Mcafee | 1 Host Data Loss Prevention | 2025-04-11 | N/A |
| The Web Post Protection feature in McAfee Host Data Loss Prevention (DLP) 3.x before 3.0.100.10 and 9.x before 9.0.0.422, when HTTP Capture mode is enabled, allows local users to obtain sensitive information from web traffic by reading unspecified files. | ||||
| CVE-2012-4006 | 3 Google, Gree, Kddi \& Gree | 9 Android, Gree, Haconiwa and 6 more | 2025-04-11 | N/A |
| The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus application before 1.3.5, GREE haconiwa application before 1.1.0, GREE Seisen Cerberus application before 1.1.0, and KDDI&GREE GREE Market application before 2.1.2 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | ||||
| CVE-2012-4007 | 2 Google, Mixi | 2 Android, Mixi | 2025-04-11 | N/A |
| The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card. | ||||
| CVE-2012-4013 | 1 Cybozu | 1 Kunai Browser For Remote Service | 2025-04-11 | N/A |
| The WebView class in the Cybozu KUNAI Browser for Remote Service application beta for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. | ||||
| CVE-2012-4116 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | N/A |
| The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete the authentication process for a server connection, by sniffing the network, aka Bug ID CSCtr72970. | ||||
| CVE-2012-5055 | 2 Redhat, Vmware | 2 Fuse Esb Enterprise, Springsource Spring Security | 2025-04-11 | N/A |
| DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests. | ||||
| CVE-2012-4976 | 1 Layton Technology | 1 Helpbox | 2025-04-11 | N/A |
| selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an error page. | ||||