Export limit exceeded: 341248 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10189 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0050 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. | ||||
| CVE-2007-5335 | 1 Mozilla | 1 Firefox | 2025-04-09 | N/A |
| Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain sensitive system information by using the addMicrosummaryGenerator sidebar method to access file: URIs. | ||||
| CVE-2008-1155 | 1 Cisco | 1 Network Admission Control | 2025-04-09 | N/A |
| Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before 3.6.4.4, 4.0.x before 4.0.6, and 4.1.x before 4.1.2 allows remote attackers to obtain the shared secret for the Clean Access Server (CAS) and Clean Access Manager (CAM) by sniffing error logs. | ||||
| CVE-2008-4164 | 1 Memht | 1 Memht Portal | 2025-04-09 | N/A |
| cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | ||||
| CVE-2008-2028 | 1 Minibb | 1 Minibb | 2025-04-09 | N/A |
| miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to obtain the full path via a direct request to the glang parameter in a registernew action to index.php, which leaks the path in an error message. | ||||
| CVE-2008-1166 | 1 Flyspray | 1 Flyspray | 2025-04-09 | N/A |
| Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames. | ||||
| CVE-2008-0082 | 1 Microsoft | 1 Windows Messenger | 2025-04-09 | N/A |
| An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors. | ||||
| CVE-2008-0136 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-09 | N/A |
| Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive information via a direct request to forum/whereami.asp, which reveals the database path. | ||||
| CVE-2009-1803 | 2 Freepbx, Sangoma | 2 Freepbx, Freepbx | 2025-04-09 | N/A |
| FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2008-0297 | 1 Keil Software | 1 Photokorn | 2025-04-09 | N/A |
| PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output. | ||||
| CVE-2008-2937 | 2 Postfix, Redhat | 2 Postfix, Enterprise Linux | 2025-04-09 | N/A |
| Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name. | ||||
| CVE-2009-3756 | 1 Kreotek | 1 Phpbms | 2025-04-09 | N/A |
| phpBMS 0.96 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) the show action in advancedsearch.php, and (4) choicelist.php, which reveals the installation path in an error message. | ||||
| CVE-2009-4533 | 2 Drupal, Nathan Haug | 2 Drupal, Webform | 2025-04-09 | N/A |
| The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors. | ||||
| CVE-2008-0996 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials. | ||||
| CVE-2007-6190 | 1 Cisco | 1 Unified Ip Phone | 2025-04-09 | N/A |
| The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream. | ||||
| CVE-2008-1135 | 1 Omegasoft | 1 Interneserviceslosungen | 2025-04-09 | N/A |
| OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 generates different responses depending on whether or not a username is valid in a failed login attempt, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2008-2049 | 1 E-post Corporation | 1 Mail Server | 2025-04-09 | N/A |
| The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows remote attackers to obtain sensitive information via multiple crafted APOP commands for a known POP3 account, which displays the password in a POP3 error message. | ||||
| CVE-2008-4820 | 2 Adobe, Microsoft | 2 Flash Player, Windows | 2025-04-09 | N/A |
| Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player 9.0.124.0 and earlier on Windows allows attackers to obtain sensitive information via unknown vectors. | ||||
| CVE-2008-3304 | 1 Tuxplanet | 1 Bilboblog | 2025-04-09 | N/A |
| BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message. | ||||
| CVE-2008-3339 | 1 Avidweb Technologies | 1 Jobbex Jobsite | 2025-04-09 | N/A |
| search_result.cfm in Jobbex JobSite allows remote attackers to obtain sensitive information via unspecified vectors that reveal the installation path in an error message. | ||||