Export limit exceeded: 365349 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10772 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-3776 1 Musawir Ali 1 Phpformgenerator 2025-04-11 N/A
phpFormGenerator 2.09 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by forms/process.php.
CVE-2011-3775 1 Litoweb 1 Phpfilenavigator 2025-04-11 N/A
PHPfileNavigator 2.3.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xestion/varios/logs.inc.php and certain other files.
CVE-2011-3750 1 Kplaylist 1 Kplaylist 2025-04-11 N/A
kPlaylist 1.8.502 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by getid3/getid3/write.id3v1.php and certain other files.
CVE-2011-3749 1 Maptools 1 Ka-map 2025-04-11 N/A
ka-Map 1.0-20070205 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test.php and certain other files.
CVE-2011-3748 1 Kamads Classifieds 1 2 B3 2025-04-11 N/A
Kamads Classifieds 2_B3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by V2A_XHTML/style/view.php and certain other files.
CVE-2012-4013 1 Cybozu 1 Kunai Browser For Remote Service 2025-04-11 N/A
The WebView class in the Cybozu KUNAI Browser for Remote Service application beta for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.
CVE-2011-3770 1 Phpalbum 1 Phpalbum 2025-04-11 N/A
phpAlbum 0.4.1.14 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Flowing_Dark/parameters.tpl.php and certain other files.
CVE-2011-3774 1 Bishop Bettini 1 Phpesp 2025-04-11 N/A
php Easy Survey Package (phpESP) 2.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/landing.php and certain other files.
CVE-2011-3778 1 Phpgedview 1 Phpgedview 2025-04-11 N/A
PhpGedView 4.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by serviceClientTest.php and certain other files.
CVE-2011-3782 1 Phplinkdirectory 1 Phpld 2025-04-11 N/A
phpLD 2-151.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libs/smarty/Smarty_Compiler.class.php and certain other files.
CVE-2011-3785 1 Phppointofsale 1 Php Point Of Sale 2025-04-11 N/A
PHP Point Of Sale (POS) 10.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files.
CVE-2013-2976 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2013-2985 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2025-04-11 N/A
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2987, CVE-2013-3020, CVE-2013-0568, CVE-2013-0475, and CVE-2013-0567.
CVE-2011-3767 1 Oscommerce 1 Oscommerce 2025-04-11 N/A
osCommerce 3.0a5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by redirect.php.
CVE-2012-5544 2 Drupal, Thinkshout 2 Drupal, Mandrill 2025-04-11 N/A
The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard.
CVE-2011-3766 1 Orangehrm 1 Orangehrm 2025-04-11 N/A
OrangeHRM 2.6.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/orange/menu/Menu.php and certain other files.
CVE-2011-3765 1 Open-realty 1 Open-realty 2025-04-11 N/A
Open-Realty 2.5.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/versions/upgrade_115.inc.php and certain other files.
CVE-2012-5589 2 Drupal, Netgenius 2 Drupal, Multilink 2025-04-11 N/A
The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link.
CVE-2010-3298 6 Canonical, Debian, Linux and 3 more 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more 2025-04-11 N/A
The hso_get_count function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.
CVE-2013-3428 1 Cisco 1 Secure Access Control System 2025-04-11 N/A
The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows remote authenticated users to obtain sensitive information via an unspecified request that triggers an error, aka Bug ID CSCue65957.