Total
7978 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2009-1555 | 1 Cisco | 1 Wvc54gca | 2009-05-23 | N/A |
The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 sends configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by reading the SetupWizard.exe process memory, a related issue to CVE-2008-4390. | ||||
CVE-2009-1556 | 1 Cisco | 1 Wvc54gca | 2009-05-23 | N/A |
img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the next_file parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerability than CVE-2004-2507. | ||||
CVE-2008-6722 | 1 Novell | 1 Access Manager | 2009-04-29 | N/A |
Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache. | ||||
CVE-2008-4688 | 1 Mantis | 1 Mantis | 2009-02-10 | N/A |
core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number. | ||||
CVE-2003-1561 | 1 Opera | 1 Opera | 2009-01-29 | N/A |
Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | ||||
CVE-2003-1560 | 1 Netscape | 1 Navigator | 2009-01-29 | N/A |
Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | ||||
CVE-2007-5549 | 1 Cisco | 1 Ios | 2008-11-15 | N/A |
Unspecified vulnerability in Command EXEC in Cisco IOS allows local users to bypass command restrictions and obtain sensitive information via an unspecified "variation of an IOS command" involving "two different methods", aka CSCsk16129. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
CVE-2007-6095 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2008-11-15 | N/A |
The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might allow remote authenticated users to receive messages intended for other users. | ||||
CVE-2007-6418 | 1 Debian | 1 Debian Linux | 2008-11-15 | N/A |
The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments. | ||||
CVE-2007-5816 | 1 Contentcustomizer | 1 Contentcustomizer | 2008-11-15 | N/A |
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to obtain sensitive author credentials by making a request with an editauthor action, then reading the value of the newlocalpassword password input field in the HTML source of the resulting page. | ||||
CVE-2007-5470 | 1 Microsoft | 1 Expression Media | 2008-11-15 | N/A |
Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file. | ||||
CVE-2007-5196 | 1 Suse | 1 Suse Linux | 2008-11-15 | N/A |
Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195. | ||||
CVE-2007-5195 | 1 Suse | 1 Suse Linux | 2008-11-15 | N/A |
Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5196. | ||||
CVE-2007-5011 | 1 Wilson Windowware | 1 Webbatch | 2008-11-15 | N/A |
webbatch.exe in WebBatch allows remote attackers to obtain sensitive information via the dumpinputdata parameter. | ||||
CVE-2000-0132 | 1 Microsoft | 1 Virtual Machine | 2008-09-10 | N/A |
Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function. | ||||
CVE-2007-5555 | 1 Symantec | 1 Altiris Deployment Solution | 2008-09-05 | N/A |
Unspecified vulnerability in Symantec Altiris Deployment Solution allows attackers to obtain authentication credentials via unknown vectors, aka "Authentication Credentials Information Leakage in Altiris Deployment Solution." NOTE: this description is based on a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
CVE-2007-4669 | 1 Firebirdsql | 1 Firebird | 2008-09-05 | N/A |
The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148. | ||||
CVE-2002-1432 | 1 Coxco Support | 7 A-cart, Metacart, Midicart Asp and 4 more | 2008-09-05 | N/A |
MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database. |