Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10720 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1296 | 1 Ubuntu | 2 73-oubuntu, Ubuntu | 2026-04-23 | N/A |
| The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root. | ||||
| CVE-2009-4300 | 1 Moodle | 1 Moodle | 2026-04-23 | N/A |
| Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors. | ||||
| CVE-2009-1292 | 2 Ibm, Unix | 3 Aix, Rational Clearcase, Unix | 2026-04-23 | N/A |
| UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, and 7.1.x before 7.1.0.1 on Linux and AIX places a username and password on the command line, which allows local users to obtain credentials by listing the process. | ||||
| CVE-2007-5550 | 1 Cisco | 1 Ios | 2026-04-23 | N/A |
| Unspecified vulnerability in Cisco IOS allows remote attackers to obtain the IOS version via unspecified vectors involving a "common network service", aka PSIRT-1255024833. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2008-3141 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2026-04-23 | N/A |
| Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors. | ||||
| CVE-2008-4069 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2026-04-23 | N/A |
| The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file. | ||||
| CVE-2007-5201 | 1 Duplicity Project | 1 Duplicity | 2026-04-23 | N/A |
| The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments. | ||||
| CVE-2006-6637 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests." | ||||
| CVE-2008-5342 | 2 Redhat, Sun | 4 Rhel Extras, Jdk, Jre and 1 more | 2026-04-23 | N/A |
| Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668. | ||||
| CVE-2008-2120 | 1 Sun | 2 Java System Application Server, Java System Web Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors. | ||||
| CVE-2008-6981 | 1 Phpadultsite | 1 Phpadultsite Cms | 2026-04-23 | N/A |
| index.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to obtain the full installation path via an invalid results_per_page parameter, which leaks the path in an error message. NOTE: this issue might be resultant from a separate SQL injection vulnerability. | ||||
| CVE-2008-6961 | 1 Mozilla | 2 Seamonkey, Thunderbird | 2026-04-23 | N/A |
| mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties. | ||||
| CVE-2007-5129 | 1 Boesch-it | 1 Simpgb | 2026-04-23 | N/A |
| SimpGB 1.46.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain sensitive configuration information via a direct request for admin/cfginfo.php; and (2) download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc. | ||||
| CVE-2008-6159 | 1 Hans Oesterholt | 1 Cmme | 2026-04-23 | N/A |
| Content Management Made Easy (CMME) 1.19 allows remote attackers to obtain system information via a direct request to info.php, which invokes the phpinfo function. | ||||
| CVE-2008-5350 | 2 Redhat, Sun | 5 Network Satellite, Rhel Extras, Jdk and 2 more | 2026-04-23 | N/A |
| Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors. | ||||
| CVE-2008-3060 | 1 V-webmail | 1 V-webmail | 2026-04-23 | N/A |
| V-webmail 1.5.0 allows remote attackers to obtain sensitive information via (1) malformed input in the login page (includes/local.hooks.php) and (2) an invalid session ID, which reveals the installation path in an error message. | ||||
| CVE-2008-0297 | 1 Keil Software | 1 Photokorn | 2026-04-23 | N/A |
| PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output. | ||||
| CVE-2008-6896 | 1 3cx | 1 Phone System | 2026-04-23 | N/A |
| login.php in 3CX Phone System 6.0.806.0, when 100% disk capacity is reached, allows remote attackers to gain sensitive information via unspecified vectors that reveal the installation path. | ||||
| CVE-2008-3897 | 2 Freed0m, Microsoft | 2 Disckcryptor, Windows | 2026-04-23 | N/A |
| DiskCryptor 0.2.6 on Windows stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | ||||
| CVE-2009-1769 | 1 Ocsinventory-ng | 1 Ocs Inventory Ng | 2026-04-23 | N/A |
| The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames. | ||||