Search Results (10766 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-0031 1 Microsoft 2 Windows 7, Windows Server 2008 2025-04-11 N/A
The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
CVE-2011-0195 1 Apple 1 Iphone Os 2025-04-11 N/A
The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202.
CVE-2011-0244 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2025-04-11 N/A
WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS feeds.
CVE-2011-1015 2 Python, Redhat 2 Python, Enterprise Linux 2025-04-11 N/A
The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.
CVE-2011-1418 1 Apple 3 Apple Tv, Iphone Os, Tvos 2025-04-11 N/A
The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses.
CVE-2011-1502 1 Liferay 1 Liferay Portal 2025-04-11 N/A
Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
CVE-2011-1569 1 Douran 1 Portal 2025-04-11 N/A
download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obtain source code of arbitrary files under the web root via (1) a trailing ".", (2) a trailing space, or (3) mixed case in the FileNameAttach parameter.
CVE-2010-1796 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2025-04-11 N/A
The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields.
CVE-2011-2059 1 Cisco 1 Ios 2025-04-11 N/A
The ipv6 component in Cisco IOS before 15.1(4)M1.3 allows remote attackers to conduct fingerprinting attacks and obtain potentially sensitive information about the presence of the IOS operating system via an ICMPv6 Echo Request packet containing a Hop-by-Hop (HBH) extension header (EH) with a 0x0c01050c value in the PadN option data, aka Bug ID CSCtq02219.
CVE-2011-2076 1 Inventivetec 1 Mediacast 2025-04-11 N/A
MediaCAST 8 and earlier stores passwords in cleartext, which makes it easier for context-dependent attackers to obtain sensitive information by reading an unspecified password data store, a different vulnerability than CVE-2010-0216.
CVE-2011-2488 1 Joomla 1 Joomla\! 2025-04-11 N/A
Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2011-3126 1 Wordpress 1 Wordpress 2025-04-11 N/A
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attackers to determine usernames of non-authors via canonical redirects.
CVE-2011-3128 1 Wordpress 1 Wordpress 2025-04-11 N/A
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php.
CVE-2010-0434 4 Apache, Debian, Fedoraproject and 1 more 6 Http Server, Debian Linux, Fedora and 3 more 2025-04-11 N/A
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
CVE-2011-3179 1 Novell 2 Groupwise Messenger, Messenger 2025-04-11 N/A
The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and Novell GroupWise Messenger 2.04 and earlier, allows remote attackers to read from arbitrary memory locations via a crafted command.
CVE-2011-3220 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.
CVE-2011-3246 1 Apple 3 Iphone Os, Mac Os X, Mac Os X Server 2025-04-11 N/A
CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL.
CVE-2011-3388 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 11.51 allows remote attackers to cause an insecure site to appear secure or trusted via unspecified actions related to Extended Validation and loading content from trusted sources in an unspecified sequence that causes the address field and page information dialog to contain security information based on the trusted site, instead of the insecure site.
CVE-2011-3427 1 Apple 2 Apple Tv, Iphone Os 2025-04-11 N/A
The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.
CVE-2011-3431 1 Apple 1 Iphone Os 2025-04-11 N/A
The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen.