Total
8075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4014 | 1 Cisco | 1 Wireless Control System Software | 2012-08-19 | 4.0 MEDIUM | N/A |
| The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807. | |||||
| CVE-2012-2327 | 1 Mybb | 1 Mybb | 2012-08-14 | 5.0 MEDIUM | N/A |
| MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message. | |||||
| CVE-2012-4255 | 1 Mysqldumper | 1 Mysqldumper | 2012-08-14 | 4.3 MEDIUM | N/A |
| MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refresh_dblist.php, which reveals the installation path in an error message. | |||||
| CVE-2012-3474 | 1 Ushahidi | 1 Ushahidi Platform | 2012-08-13 | 5.0 MEDIUM | N/A |
| The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP address, and other attributes of the author of a comment via an API function call. | |||||
| CVE-2012-4235 | 2 Joomla, Rsgallery2 | 2 Joomla\!, Com Rsgallery2 | 2012-08-10 | 5.0 MEDIUM | N/A |
| The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI. | |||||
| CVE-2012-0421 | 1 Novell | 1 Suse Audit Log Keeper | 2012-08-08 | 2.1 LOW | N/A |
| The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file. | |||||
| CVE-2012-2302 | 2 Drupal, Nancy Wichmann | 2 Drupal, Sitedoc | 2012-08-08 | 5.0 MEDIUM | N/A |
| Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2012-1361 | 1 Cisco | 1 Ios | 2012-08-07 | 4.3 MEDIUM | N/A |
| Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750. | |||||
| CVE-2012-1348 | 1 Cisco | 1 Wide Area Application Services | 2012-08-07 | 5.0 MEDIUM | N/A |
| Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive information via a brute-force attack on the hash string, aka Bug ID CSCty17279. | |||||
| CVE-2008-7292 | 2 Microsoft, Mozilla | 2 Windows, Bugzilla | 2012-08-02 | 2.1 LOW | N/A |
| Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977. | |||||
| CVE-2012-2647 | 3 Apple, Google, Yahoo | 3 Safari, Chrome, Toolbar | 2012-07-31 | 5.8 MEDIUM | N/A |
| Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page. | |||||
| CVE-2012-3886 | 1 Airdroid | 1 Airdroid | 2012-07-27 | 5.0 MEDIUM | N/A |
| AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireless network and then conducting a (1) brute-force attack or (2) rainbow-table attack. | |||||
| CVE-2012-3829 | 1 Joomla | 1 Joomla\! | 2012-07-17 | 5.0 MEDIUM | N/A |
| Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header. | |||||
| CVE-2012-3838 | 1 Babygekko | 1 Baby Gekko | 2012-07-17 | 5.0 MEDIUM | N/A |
| Gekko before 1.2.0 allows remote attackers to obtain the installation path via a direct request to (1) admin/templates/babygekko/index.php or (2) templates/html5demo/index.php. | |||||
| CVE-2012-3798 | 2 Bryce Hamrick, Drupal | 2 Janrain Capture, Drupal | 2012-06-27 | 5.0 MEDIUM | N/A |
| The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks. | |||||
| CVE-2012-0950 | 1 Canonical | 1 Ubuntu Linux | 2012-06-26 | 5.0 MEDIUM | N/A |
| The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0949. | |||||
| CVE-2012-2635 | 2 Dolphin-browser, Google | 3 Dolphin Browser Hd, Dolphin For Pad, Android | 2012-06-18 | 4.3 MEDIUM | N/A |
| The Dolphin Browser HD application before 7.6 and Dolphin for Pad application before 1.0.1 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2011-1643 | 1 Cisco | 2 Unified Communications Manager, Unified Presence Server | 2012-06-15 | 10.0 HIGH | N/A |
| Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833. | |||||
| CVE-2008-5683 | 1 Opera | 1 Opera Browser | 2012-06-07 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors. | |||||
| CVE-2011-3779 | 1 Idevspot | 1 Phphostbot | 2012-05-31 | 5.0 MEDIUM | N/A |
| PhpHostBot 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/create_acct.php and certain other files. | |||||