Search Results (10713 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-1402 1 Digitiliti 1 Digilibe 2025-04-11 N/A
DigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/general_configuration.html.
CVE-2013-1301 1 Microsoft 1 Visio 2025-04-11 N/A
Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
CVE-2013-1297 1 Microsoft 1 Internet Explorer 2025-04-11 N/A
Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which allows remote attackers to perform cross-domain reading of JSON files via a crafted web site, aka "JSON Array Information Disclosure Vulnerability."
CVE-2011-4597 1 Digium 1 Asterisk 2025-04-11 N/A
The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.
CVE-2013-1107 1 Cisco 1 Webex Social 2025-04-11 N/A
The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235.
CVE-2013-3647 1 Cybozu 1 Cybozu Live 2025-04-11 N/A
The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because of a CVE-2012-4009 regression.
CVE-2013-0792 1 Mozilla 2 Firefox, Seamonkey 2025-04-11 N/A
Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image.
CVE-2013-0721 2 Wordpress, Wp Php Widget Project 2 Wordpress, Wp Php Widget 2025-04-11 N/A
wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
CVE-2013-0704 1 Gree 1 Gree 2025-04-11 N/A
Directory traversal vulnerability in the GREE application before 1.3.3 for Android allows remote attackers to obtain sensitive information via a crafted URL, which is not properly handled during interaction with other applications.
CVE-2013-0599 1 Ibm 1 Rational Directory Server 2025-04-11 N/A
IBM Eclipse Help System (IEHS), as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by providing a crafted parameter path and then reading the debug information associated with the 500 HTTP status code.
CVE-2013-0523 1 Ibm 1 Websphere Commerce 2025-04-11 N/A
IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8 processing of the krypto parameter, and leverages unspecified browser access or traffic-log access.
CVE-2013-0505 1 Ibm 2 Sterling Multi-channel Fulfillment Solution, Sterling Selling And Fulfillment Foundation 2025-04-11 N/A
IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors.
CVE-2013-0481 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2025-04-11 N/A
The console in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to read stack traces by triggering (1) an error or (2) an exception.
CVE-2013-0475 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2025-04-11 N/A
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0568, and CVE-2013-0567.
CVE-2013-0474 1 Ibm 2 Rational Policy Tester, Security Appscan 2025-04-11 N/A
The Manual Explore browser plug-in in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to discover test Platform Authentication credentials via a crafted web site.
CVE-2010-1406 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2025-04-11 N/A
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660.
CVE-2013-3428 1 Cisco 1 Secure Access Control System 2025-04-11 N/A
The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows remote authenticated users to obtain sensitive information via an unspecified request that triggers an error, aka Bug ID CSCue65957.
CVE-2013-4766 1 Eucalyptus 1 Eucalyptus 2025-04-11 N/A
The gather log service in Eucalyptus before 3.3.1 allows remote attackers to read log files via an unspecified request to the (1) Cluster Controller (CC) or (2) Node Controller (NC) component.
CVE-2013-3398 1 Cisco 1 Prime Central For Hosted Collaboration Solution 2025-04-11 N/A
The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance provides different responses to requests for arbitrary pathnames depending on whether the pathname exists, which allows remote attackers to enumerate directories and files via a series of crafted requests, aka Bug ID CSCuh64574.
CVE-2010-0549 1 Xerox 2 Workcentre 6400 Net Controller, Workcentre 6400 System Software 2025-04-11 N/A
Unspecified vulnerability in the Network Controller in Xerox WorkCentre 6400 System Software 060.070.109.11407 through 060.070.109.29510, and Net Controller 060.079.11410 through 060.079.29310, allows remote attackers to access "directory structure" via a crafted PostScript file, aka "Unauthorized Directory Structure Access Vulnerability."