Vulnerabilities (CVE)

Filtered by CWE-200
Total 8075 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-3756 1 Microblog 1 Microblog 2012-03-12 5.0 MEDIUM N/A
MicroBlog 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by init.php and certain other files.
CVE-2011-3749 1 Maptools 1 Ka-map 2012-03-12 5.0 MEDIUM N/A
ka-Map 1.0-20070205 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test.php and certain other files.
CVE-2011-3742 1 Helpcenterlive 1 Helpcenter Live 2012-03-12 5.0 MEDIUM N/A
HelpCenter Live 2.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/HelpCenter/index.php and certain other files.
CVE-2011-3733 1 Elgg 1 Elgg 2012-03-12 5.0 MEDIUM N/A
Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other files.
CVE-2011-3744 1 Htmlpurifier 1 Html Purifier 2012-03-12 5.0 MEDIUM N/A
HTML Purifier 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/PHPT/Reporter/SimpleTest.php and certain other files.
CVE-2011-3759 1 Mybb 1 Mybb 2012-03-12 5.0 MEDIUM N/A
MyBB (aka MyBulletinBoard) 1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/3rdparty/diff/Diff/ThreeWay.php and certain other files.
CVE-2011-3745 1 Hycus 1 Hycus Cms 2012-03-12 5.0 MEDIUM N/A
HycusCMS 1.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/hycus_template/template.php.
CVE-2011-3734 1 Energine 1 Energine 2012-03-12 5.0 MEDIUM N/A
Energine 2.3.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/framework/SimpleBuilder.class.php and certain other files.
CVE-2011-3750 1 Kplaylist 1 Kplaylist 2012-03-12 5.0 MEDIUM N/A
kPlaylist 1.8.502 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by getid3/getid3/write.id3v1.php and certain other files.
CVE-2011-3752 1 Limesurvey 1 Limesurvey 2012-03-12 5.0 MEDIUM N/A
LimeSurvey 1.90+ build9642-20101214 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/statistics.php and certain other files.
CVE-2011-3738 1 Fengoffice 1 Feng Office 2012-03-12 5.0 MEDIUM N/A
Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files.
CVE-2010-5068 1 Opera 1 Opera Browser 2012-03-08 4.3 MEDIUM N/A
The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
CVE-2011-3179 1 Novell 2 Groupwise Messenger, Messenger 2012-03-05 5.0 MEDIUM N/A
The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and Novell GroupWise Messenger 2.04 and earlier, allows remote attackers to read from arbitrary memory locations via a crafted command.
CVE-2011-4872 1 Htc 9 Desire Hd, Desire S, Droid Incredible and 6 more 2012-02-16 2.6 LOW N/A
Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class.
CVE-2011-3375 1 Apache 1 Tomcat 2012-02-16 5.0 MEDIUM N/A
Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
CVE-2011-2720 1 Glpi-project 1 Glpi 2012-02-16 5.0 MEDIUM N/A
The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request.
CVE-2011-3497 1 Measuresoft 1 Scadapro 2012-02-14 10.0 HIGH N/A
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method.
CVE-2011-3163 1 Hp 1 Multifunction Peripheral Digital Sending Software 2012-02-14 1.2 LOW N/A
HP MFP Digital Sending Software 4.9x through 4.91.21 allows local users to obtain sensitive workflow-metadata information via unspecified vectors.
CVE-2011-5066 1 Ibm 1 Websphere Application Server 2012-02-08 2.1 LOW N/A
The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to obtain sensitive information by reading the FFDC log file.
CVE-2011-4143 1 Rsa 1 Envision 2012-02-06 5.0 MEDIUM N/A
EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors.