Search Results (10720 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4278 2 Microsoft, Vmware 3 Windows, Virtual Infrastructure Client, Virtualcenter 2026-04-23 N/A
VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password.
CVE-2008-5683 1 Opera 1 Opera Browser 2026-04-23 N/A
Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors.
CVE-2008-1580 1 Apple 3 Mac Os X, Mac Os X Server, Safari 2026-04-23 N/A
CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879.
CVE-2009-0612 1 Trendmicro 2 Interscan Web Security Suite, Interscan Web Security Virtual Appliance 2026-04-23 N/A
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header.
CVE-2008-7069 1 Paul Arbogast 1 Accms 2026-04-23 N/A
All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat.
CVE-2008-1579 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog.
CVE-2008-6537 1 Lightneasy 1 Lightneasy 2026-04-23 N/A
LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST.
CVE-2009-4303 1 Moodle 1 Moodle 2026-04-23 N/A
Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified "secrets" in backup files, which might allow attackers to obtain sensitive information.
CVE-2008-5828 1 Microsoft 1 Windows Live Messenger 2026-04-23 N/A
Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields.
CVE-2009-3987 1 Mozilla 2 Firefox, Seamonkey 2026-04-23 N/A
The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects.
CVE-2008-0598 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2026-04-23 N/A
Unspecified vulnerability in the 32-bit and 64-bit emulation in the Linux kernel 2.6.9, 2.6.18, and probably other versions allows local users to read uninitialized memory via unknown vectors involving a crafted binary.
CVE-2006-6953 1 Globetrotter 1 Mobility Manager 2026-04-23 N/A
The virtual keyboard implementation in GlobeTrotter Mobility Manager changes the color of a key as it is pressed, which allows local users to capture arbitrary keystrokes, such as for passwords, by shoulder surfing or grabbing periodic screenshots.
CVE-2008-2159 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer 7 can save encrypted pages in the cache even when the DisableCachingOfSSLPages registry setting is enabled, which might allow local users to obtain sensitive information.
CVE-2008-3248 1 Symantec 1 Veritas File System 2026-04-23 N/A
qiomkfile in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, does not initialize filesystem blocks during creation of a file, which allows local users to obtain sensitive information by creating and then reading files.
CVE-2009-1949 1 Unclassified 1 Newsboard 2026-04-23 N/A
import_wbb1.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
CVE-2009-2134 1 Pivot 1 Pivot 2026-04-23 N/A
pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obtain sensitive information via an invalid url parameter, which reveals the installation path in an error message.
CVE-2009-2274 1 Huawei 1 D100 2026-04-23 N/A
The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to (1) lan_status_adv.asp, (2) wlan_basic_cfg.asp, or (3) lancfg.asp in en/, related to use of JavaScript to protect against reading file contents.
CVE-2009-4531 1 Jasper 1 Httpdx 2026-04-23 N/A
httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI.
CVE-2008-4593 1 Apple 1 Iphone 2026-04-23 N/A
Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device screen, aka Apple bug number 6267416.
CVE-2009-3600 1 Freewebscriptz 1 Hubscript 2026-04-23 N/A
HUBScript 1.0 allows remote attackers to obtain configuration information via a direct request to manage/phpinfo.php, which calls the phpinfo function.