Total
8075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1931 | 1 Visibility Software | 1 Cyber Recruiter | 2014-02-21 | 4.3 MEDIUM | N/A |
| The user login page in Visibility Software Cyber Recruiter before 8.1.00 generates different responses for invalid password-retrieval attempts depending on which data elements are incorrect, which might allow remote attackers to obtain account-related information via a series of requests. | |||||
| CVE-2014-1930 | 1 Visibility Software | 1 Cyber Recruiter | 2014-02-21 | 4.3 MEDIUM | N/A |
| Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation. | |||||
| CVE-2012-1171 | 1 Php | 1 Php | 2014-02-18 | 5.0 MEDIUM | N/A |
| The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper. | |||||
| CVE-2013-4739 | 2 Codeaurora, Qualcomm | 2 Android-msm, Quic Mobile Station Modem Kernel | 2014-02-07 | 4.9 MEDIUM | N/A |
| The MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to obtain sensitive information from kernel stack memory via (1) a crafted MSM_MCR_IOCTL_EVT_GET ioctl call, related to drivers/media/platform/msm/camera_v1/mercury/msm_mercury_sync.c, or (2) a crafted MSM_JPEG_IOCTL_EVT_GET ioctl call, related to drivers/media/platform/msm/camera_v2/jpeg_10/msm_jpeg_sync.c. | |||||
| CVE-2013-6447 | 1 Redhat | 1 Jboss Seam 2 Framework | 2014-01-23 | 5.0 MEDIUM | N/A |
| Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have other impacts via a crafted XML file. | |||||
| CVE-2013-0157 | 1 Kernel | 1 Util-linux | 2014-01-22 | 2.1 LOW | N/A |
| (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists. | |||||
| CVE-2010-5292 | 1 Amberdms | 1 Amberdms Billing System | 2014-01-10 | 1.9 LOW | N/A |
| Amberdms Billing System (ABS) before 1.4.1, when a multi-instance installation is configured, might allow local users to obtain sensitive information by reading the cache in between runs of the include/cron/services_usage.php cron job. | |||||
| CVE-2014-1234 | 1 Paratrooper-newrelic Project | 1 Paratrooper-newrelic | 2014-01-10 | 2.1 LOW | N/A |
| The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process. | |||||
| CVE-2014-1233 | 1 Tobias Maier | 1 Paratrooper-pingdom | 2014-01-10 | 2.1 LOW | N/A |
| The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process. | |||||
| CVE-2013-7224 | 1 Fatfreecrm | 1 Fat Free Crm | 2014-01-03 | 5.0 MEDIUM | N/A |
| Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json. | |||||
| CVE-2013-7249 | 1 Fatfreecrm | 1 Fat Free Crm | 2014-01-03 | 5.0 MEDIUM | N/A |
| Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224. | |||||
| CVE-2012-0263 | 1 Op5 | 1 Monitor | 2014-01-02 | 4.0 MEDIUM | N/A |
| monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config. | |||||
| CVE-2013-4775 | 1 Netgear | 11 Prosafe Firmware, Prosafe Gs510tp, Prosafe Gs724t and 8 more | 2013-12-19 | 7.8 HIGH | N/A |
| NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config. | |||||
| CVE-2013-4569 | 1 Mediawiki | 1 Mediawiki | 2013-12-16 | 4.3 MEDIUM | N/A |
| The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote attackers to obtain sensitive information (revision-deleted IPs) via the Recent Changes page. | |||||
| CVE-2013-6791 | 1 Microsoft | 1 Enhanced Mitigation Experience Toolkit | 2013-12-13 | 4.3 MEDIUM | N/A |
| Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 uses predictable addresses for hooked functions, which makes it easier for context-dependent attackers to defeat the ASLR protection mechanism via a return-oriented programming (ROP) attack. | |||||
| CVE-2013-0786 | 1 Mozilla | 1 Bugzilla | 2013-12-13 | 5.0 MEDIUM | N/A |
| The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x before 3.6.13 and 3.7.x and 4.0.x before 4.0.10 generates different error messages for invalid product queries depending on whether a product exists, which allows remote attackers to discover private product names by using debug mode for a query. | |||||
| CVE-2012-4198 | 1 Mozilla | 1 Bugzilla | 2013-12-13 | 4.0 MEDIUM | N/A |
| The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 has a different outcome for a groups request depending on whether a group exists, which allows remote authenticated users to discover private group names by observing whether a call throws an error. | |||||
| CVE-2012-3354 | 2 Dokuwiki, Fedoraproject | 2 Dokuwiki, Fedora | 2013-12-13 | 4.3 MEDIUM | N/A |
| doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message. | |||||
| CVE-2011-3727 | 1 Dokuwiki | 1 Dokuwiki | 2013-12-13 | 5.0 MEDIUM | N/A |
| DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files. | |||||
| CVE-2013-4617 | 1 Jahia | 1 Jahia Xcm | 2013-11-29 | 5.0 MEDIUM | N/A |
| Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||