Search Results (10810 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-1962 1 Sap 1 Customer Relationship Management 2025-04-11 N/A
Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue.
CVE-2012-3249 1 Hp 1 Fortify Software Security Center 2025-04-11 N/A
HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2014-1931 1 Visibility Software 1 Cyber Recruiter 2025-04-11 N/A
The user login page in Visibility Software Cyber Recruiter before 8.1.00 generates different responses for invalid password-retrieval attempts depending on which data elements are incorrect, which might allow remote attackers to obtain account-related information via a series of requests.
CVE-2010-0826 2 Piotr Roszatycki, Redhat 2 Libnss-db, Enterprise Linux 2025-04-11 N/A
The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module.
CVE-2013-0693 2 Emerson, Enea 4 Dl 8000 Remote Terminal Unit, Roc 800 Remote Terminal Unit, Roc 800l Remote Terminal Unit and 1 more 2025-04-11 N/A
The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive information about device presence by listening for broadcast traffic.
CVE-2010-0384 1 Tor 1 Tor 2025-04-11 N/A
Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for local users to discover the identities of clients in opportunistic circumstances by reading log files.
CVE-2010-0383 1 Tor 1 Tor 2025-04-11 N/A
Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easier for man-in-the-middle attackers to compromise the anonymity of traffic sources and destinations.
CVE-2013-1402 1 Digitiliti 1 Digilibe 2025-04-11 N/A
DigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/general_configuration.html.
CVE-2012-2668 2 Openldap, Redhat 2 Openldap, Enterprise Linux 2025-04-11 N/A
libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information.
CVE-2012-2647 3 Apple, Google, Yahoo 3 Safari, Chrome, Toolbar 2025-04-11 N/A
Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page.
CVE-2013-0637 6 Adobe, Apple, Google and 3 more 8 Air, Air Sdk, Flash Player and 5 more 2025-04-11 N/A
Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to obtain sensitive information via unspecified vectors.
CVE-2012-2531 1 Microsoft 2 Windows 7, Windows Server 2008 2025-04-11 N/A
Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."
CVE-2013-0505 1 Ibm 2 Sterling Multi-channel Fulfillment Solution, Sterling Selling And Fulfillment Foundation 2025-04-11 N/A
IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors.
CVE-2012-1960 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2025-04-11 N/A
The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation.
CVE-2012-1926 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.pushState and (2) history.replaceState functions in conjunction with cross-domain frames, leading to unintended read access to history.state information.
CVE-2012-1896 1 Microsoft 6 .net Framework, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."
CVE-2012-1858 1 Microsoft 9 Internet Explorer, Lync, Office Communicator and 6 more 2025-04-11 N/A
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
CVE-2011-3714 1 Csphere 1 Clansphere 2025-04-11 N/A
ClanSphere 2010.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by mods/board/attachment.php.
CVE-2012-5624 3 Canonical, Digia, Qt 3 Ubuntu Linux, Qt, Qt 2025-04-11 N/A
The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.
CVE-2013-0160 1 Linux 1 Linux Kernel 2025-04-11 N/A
The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.