Export limit exceeded: 10729 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10729 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-1455 1 Joomla 1 Joomla\! 2025-04-11 N/A
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable."
CVE-2012-0950 1 Canonical 1 Ubuntu Linux 2025-04-11 N/A
The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0949.
CVE-2012-3248 1 Hp 1 Fortify Software Security Center 2025-04-11 N/A
HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2012-3249 1 Hp 1 Fortify Software Security Center 2025-04-11 N/A
HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2012-3319 1 Ibm 1 Rational Business Developer 2025-04-11 N/A
IBM Rational Business Developer 8.x before 8.0.1.4 allows remote attackers to obtain potentially sensitive information via a connection to a web service created with the Rational Business Developer product.
CVE-2012-6049 1 Opensolution 1 Quick.cart 2025-04-11 N/A
Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via (1) a long string or (2) invalid characters in a cookie, which reveals the installation path in an error message.
CVE-2012-3419 1 Sgi 1 Performance Co-pilot 2025-04-11 N/A
Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments.
CVE-2011-3802 1 Status 1 Statusnet 2025-04-11 N/A
StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php and certain other files.
CVE-2012-3581 1 Symantec 1 Messaging Gateway 2025-04-11 N/A
Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors.
CVE-2011-3695 1 111webcalendar 1 111webcalendar 2025-04-11 N/A
111WebCalendar 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by footer.php and certain other files.
CVE-2011-2156 1 Smartertools 1 Smarterstats 2025-04-11 N/A
The SmarterTools SmarterStats 6.0 web server allows remote attackers to obtain directory listings via a direct request for the (1) Admin/, (2) Admin/Defaults/, (3) Admin/GettingStarted/, (4) Admin/Popups/, (5) App_Themes/, (6) Client/, (7) Client/Popups/, (8) Services/, (9) Temp/, (10) UserControls/, (11) UserControls/PanelBarTemplates/, (12) UserControls/Popups/, (13) aspnet_client/, or (14) aspnet_client/system_web/ directory name, or (15) certain directory names under App_Themes/Default/.
CVE-2011-3702 1 Anantasoft 1 Ananta Gazelle 2025-04-11 N/A
Ananta Gazelle 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/template.php and certain other files.
CVE-2010-0643 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 4.0.249.89 attempts to make direct connections to web sites when all configured proxy servers are unavailable, which allows remote HTTP servers to obtain potentially sensitive information about the identity of a client user via standard HTTP logging, as demonstrated by a proxy server that was configured for the purpose of anonymity.
CVE-2010-0663 1 Google 1 Chrome 2025-04-11 N/A
The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data, related to use of a (1) thumbnail database or (2) HTML canvas.
CVE-2011-3774 1 Bishop Bettini 1 Phpesp 2025-04-11 N/A
php Easy Survey Package (phpESP) 2.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/landing.php and certain other files.
CVE-2011-4283 1 Moodle 1 Moodle 2025-04-11 N/A
Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml.
CVE-2011-3670 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2025-04-11 N/A
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages.
CVE-2011-3779 1 Idevspot 1 Phphostbot 2025-04-11 N/A
PhpHostBot 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/create_acct.php and certain other files.
CVE-2011-3785 1 Phppointofsale 1 Php Point Of Sale 2025-04-11 N/A
PHP Point Of Sale (POS) 10.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files.
CVE-2012-3796 1 Pro-face 2 Pro-server Ex, Wingp Pc Runtime 2025-04-11 N/A
Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to obtain sensitive information from daemon memory via a crafted packet with a certain opcode.