Total
8075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2899 | 1 Vmware | 1 Hyperic Hq | 2012-12-24 | 2.1 LOW | N/A |
| The monitor perl script in the Sybase database plug-in in SpringSource Hyperic HQ before 4.3 allows local users to obtain the database password by listing the process and its arguments. | |||||
| CVE-2012-4005 | 1 Naver | 1 Nhn Japan Naver Line | 2012-12-18 | 5.0 MEDIUM | N/A |
| The NHN Japan NAVER LINE application before 2.5.5 for Android does not properly handle implicit intents, which allows remote attackers to obtain sensitive message information via a crafted application. | |||||
| CVE-2012-5544 | 2 Drupal, Thinkshout | 2 Drupal, Mandrill | 2012-12-17 | 4.0 MEDIUM | N/A |
| The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard. | |||||
| CVE-2012-4976 | 1 Layton Technology | 1 Helpbox | 2012-12-12 | 5.0 MEDIUM | N/A |
| selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an error page. | |||||
| CVE-2012-6313 | 2 Simple Gmail Login, Wordpress | 3 1.1.2, 1.1.3, Wordpress | 2012-12-11 | 5.0 MEDIUM | N/A |
| simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace. | |||||
| CVE-2012-5554 | 2 Coleman Watts, Drupal | 2 Webform Civicrm, Drupal | 2012-12-04 | 5.0 MEDIUM | N/A |
| The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading webforms. | |||||
| CVE-2012-3694 | 1 Apple | 1 Safari | 2012-11-30 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site. | |||||
| CVE-2012-4583 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2012-11-20 | 4.0 MEDIUM | N/A |
| McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard. | |||||
| CVE-2012-5172 | 1 Asial | 1 Monaca Debugger | 2012-11-19 | 5.0 MEDIUM | N/A |
| The Asial Monaca Debugger application before 1.4.2 for Android allows remote attackers to obtain sensitive (1) account or (2) session ID information in a system log file via a crafted application. | |||||
| CVE-2012-1786 | 2 Kylegilman, Wordpress | 2 Video Embed \& Thumbnail Generator, Wordpress | 2012-11-06 | 5.0 MEDIUM | N/A |
| The Media Upload form in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to obtain the installation path via unknown vectors. | |||||
| CVE-2011-4597 | 1 Digium | 1 Asterisk | 2012-11-06 | 5.0 MEDIUM | N/A |
| The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests. | |||||
| CVE-2008-4216 | 1 Apple | 1 Safari | 2012-10-31 | 4.3 MEDIUM | N/A |
| The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files." | |||||
| CVE-2008-3644 | 1 Apple | 1 Safari | 2012-10-31 | 1.9 LOW | N/A |
| Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache. | |||||
| CVE-2007-5379 | 1 David Hansson | 1 Ruby On Rails | 2012-10-31 | 5.0 MEDIUM | N/A |
| Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file. | |||||
| CVE-2012-3996 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2012-10-24 | 5.0 MEDIUM | N/A |
| TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php. | |||||
| CVE-2011-3798 | 1 Rapidleech | 1 Rapidleech | 2012-10-24 | 5.0 MEDIUM | N/A |
| Rapid Leech 2.3-v42-svn322 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by classes/pear.php and certain other files. | |||||
| CVE-2008-5461 | 1 Oracle | 1 Bea Product Suite | 2012-10-23 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is cross-site scripting. | |||||
| CVE-2008-5460 | 1 Oracle | 1 Bea Product Suite | 2012-10-23 | 2.6 LOW | N/A |
| Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote attackers to affect confidentiality via unknown vectors. | |||||
| CVE-2011-3814 | 1 K5n | 1 Webcalendar | 2012-10-13 | 5.0 MEDIUM | N/A |
| WebCalendar 1.2.3, and other versions before 1.2.5, allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by ws/user_mod.php and certain other files. | |||||
| CVE-2011-5067 | 1 Sitracker | 1 Support Incident Tracker | 2012-10-12 | 4.0 MEDIUM | N/A |
| move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message. | |||||