Export limit exceeded: 25089 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10321 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-2774 | 1 Mahara | 1 Mahara | 2025-04-11 | N/A |
| The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter. | ||||
| CVE-2011-2784 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 13.0.782.107 allows remote attackers to obtain sensitive information via a request for the GL program log, which reveals a local path in an unspecified log entry. | ||||
| CVE-2011-2800 | 3 Apple, Debian, Google | 4 Iphone Os, Safari, Debian Linux and 1 more | 2025-04-11 | N/A |
| Google Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site. | ||||
| CVE-2011-2889 | 1 Joomla | 1 Joomla\! | 2025-04-11 | N/A |
| templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488. | ||||
| CVE-2011-2890 | 1 Joomla | 1 Joomla\! | 2025-04-11 | N/A |
| The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488. | ||||
| CVE-2011-2891 | 1 Joomla | 1 Joomla\! | 2025-04-11 | N/A |
| Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488. | ||||
| CVE-2011-2898 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-11 | 5.5 Medium |
| net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application. | ||||
| CVE-2011-2909 | 1 Linux | 1 Linux Kernel | 2025-04-11 | N/A |
| The do_devinfo_ioctl function in drivers/staging/comedi/comedi_fops.c in the Linux kernel before 3.1 allows local users to obtain sensitive information from kernel memory via a copy of a short string. | ||||
| CVE-2011-3497 | 1 Measuresoft | 1 Scadapro | 2025-04-11 | N/A |
| service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method. | ||||
| CVE-2011-3502 | 1 Cogentdatahub | 1 Cogent Datahub | 2025-04-11 | N/A |
| The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot). | ||||
| CVE-2011-3580 | 1 Icewarp | 1 Mail Server | 2025-04-11 | N/A |
| IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function. | ||||
| CVE-2011-3721 | 1 Concrete5 | 1 Concrete | 2025-04-11 | N/A |
| concrete 5.4.0.5, 5.4.1, and 5.4.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/spellchecker_service.php and certain other files. | ||||
| CVE-2011-3723 | 1 Craftysyntax | 1 Crafty Syntax | 2025-04-11 | N/A |
| Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by README_FILES/livehelp.php and certain other files. | ||||
| CVE-2011-3649 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Thunderbird | 2025-04-11 | N/A |
| Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. NOTE: this issue exists because of a CVE-2011-2986 regression. | ||||
| CVE-2011-3653 | 2 Apple, Mozilla | 3 Mac Os X, Firefox, Thunderbird | 2025-04-11 | N/A |
| Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures. | ||||
| CVE-2011-3663 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | N/A |
| Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page. | ||||
| CVE-2011-3670 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | N/A |
| Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. | ||||
| CVE-2011-3694 | 1 Netsaro | 1 Enterprise Messenger Server | 2025-04-11 | N/A |
| The Server Administration Console in NetSaro Enterprise Messenger Server 2.0 allows remote attackers to read application source code by appending a %00 character to a URL. | ||||
| CVE-2011-3695 | 1 111webcalendar | 1 111webcalendar | 2025-04-11 | N/A |
| 111WebCalendar 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by footer.php and certain other files. | ||||
| CVE-2011-3696 | 1 60cyclecms Project | 1 60cyclecms | 2025-04-11 | N/A |
| 60cycleCMS 2.5.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by post.php and certain other files. | ||||