Export limit exceeded: 366299 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366299 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 10809 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10809 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-5122 1 Websense 1 Websense Email Security 2025-04-11 N/A
The Personal Email Manager component in Websense Email Security before 7.2 allows remote attackers to obtain potentially sensitive information from the JBoss status page via an unspecified query.
CVE-2010-4562 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more 2025-04-11 N/A
Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
CVE-2010-4354 1 Cisco 9 Asa 5500, Pix 500, Vpn 3000 Concentrator and 6 more 2025-04-11 N/A
The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only when the group name is configured on the device, which allows remote attackers to enumerate valid group names via a series of IKE negotiation attempts, aka Bug ID CSCtj96108, a different vulnerability than CVE-2005-2025.
CVE-2011-3265 1 Zabbix 1 Zabbix 2025-04-11 N/A
popup.php in Zabbix before 1.8.7 allows remote attackers to read the contents of arbitrary database tables via a modified srctbl parameter.
CVE-2011-3264 1 Zabbix 1 Zabbix 2025-04-11 N/A
Zabbix before 1.8.6 allows remote attackers to obtain sensitive information via an invalid srcfld2 parameter to popup.php, which reveals the installation path in an error message.
CVE-2010-0549 1 Xerox 2 Workcentre 6400 Net Controller, Workcentre 6400 System Software 2025-04-11 N/A
Unspecified vulnerability in the Network Controller in Xerox WorkCentre 6400 System Software 060.070.109.11407 through 060.070.109.29510, and Net Controller 060.079.11410 through 060.079.29310, allows remote attackers to access "directory structure" via a crafted PostScript file, aka "Unauthorized Directory Structure Access Vulnerability."
CVE-2012-0961 1 Debian 2 Advanced Package Tool, Apt 2025-04-11 N/A
Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file.
CVE-2013-2879 2 Debian, Google 2 Debian Linux, Chrome 2025-04-11 N/A
Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site.
CVE-2012-4046 1 Dlink 2 Dcs-932l, Dcs-932l Firmware 2025-04-11 N/A
The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value.
CVE-2010-0119 2 Becauseinter, Freebsd 2 Bournal, Freebsd 2025-04-11 N/A
Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, places a ccrypt key on the command line, which allows local users to obtain sensitive information by listing the process and its arguments, related to "echoing."
CVE-2012-4013 1 Cybozu 1 Kunai Browser For Remote Service 2025-04-11 N/A
The WebView class in the Cybozu KUNAI Browser for Remote Service application beta for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.
CVE-2010-0548 1 Xerox 7 Workcentre 5632, Workcentre 5638, Workcentre 5645 and 4 more 2025-04-11 N/A
Multiple unspecified vulnerabilities in the Network Controller and Web Server in Xerox WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, and 5687 allow remote attackers to (1) access mailboxes via unknown vectors that bypass Scan to Mailbox authorization or (2) read device configuration information via via unknown vectors that bypass web server authorization.
CVE-2012-0959 1 Remote Login Service Hackers 1 Remote Login Service 2025-04-11 N/A
Remote Login Service (RLS) 1.0.0 does not properly clear account information when switching users, which might allow physically proximate users to obtain login credentials.
CVE-2012-4007 2 Google, Mixi 2 Android, Mixi 2025-04-11 N/A
The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card.
CVE-2010-3979 1 Sap 1 Businessobjects 2025-04-11 N/A
Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI.
CVE-2010-3978 1 Spreecommerce 1 Spree 2025-04-11 N/A
Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data using JavaScript Object Notation (JSON) without a mechanism for validating requests, which allows remote attackers to obtain sensitive information via vectors involving (1) admin/products.json, (2) admin/users.json, or (3) admin/overview/get_report_data, related to a "JSON hijacking" issue.
CVE-2012-5509 2 Cloudforms Cloudengine, Redhat 2 1, Cloudforms Cloud Engine 2025-04-11 N/A
aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file.
CVE-2011-3821 1 Xajax-project 1 Xajax 2025-04-11 N/A
xajax 0.6 beta1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xajax_core/plugin_layer/xajaxScriptPlugin.inc.php and certain other files.
CVE-2012-4006 3 Google, Gree, Kddi \& Gree 9 Android, Gree, Haconiwa and 6 more 2025-04-11 N/A
The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus application before 1.3.5, GREE haconiwa application before 1.1.0, GREE Seisen Cerberus application before 1.1.0, and KDDI&GREE GREE Market application before 2.1.2 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
CVE-2012-3864 3 Cloudforms Cloudengine, Puppet, Puppetlabs 4 1, Puppet, Puppet Enterprise and 1 more 2025-04-11 N/A
Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.