Total
10294 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-9853 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | N/A |
| An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the fopen wrapper issue. | ||||
| CVE-2014-8762 | 1 Dokuwiki | 1 Dokuwiki | 2025-04-12 | N/A |
| The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter. | ||||
| CVE-2014-8678 | 1 Manageengine | 1 Oputils | 2025-04-12 | N/A |
| The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile." | ||||
| CVE-2014-8735 | 1 Bad Behavior Project | 1 Bad Behavior | 2025-04-12 | N/A |
| The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file. | ||||
| CVE-2014-8736 | 1 Open Atrium Project | 1 Open Atrium | 2025-04-12 | N/A |
| The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revision of the node. | ||||
| CVE-2014-8637 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-12 | N/A |
| Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element. | ||||
| CVE-2014-8761 | 1 Dokuwiki | 1 Dokuwiki | 2025-04-12 | N/A |
| inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call. | ||||
| CVE-2014-8788 | 1 Gleamtech | 1 Filevista | 2025-04-12 | N/A |
| GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message. | ||||
| CVE-2014-3064 | 1 Ibm | 2 Infosphere Master Data Management Collaboration Server, Infosphere Master Data Management Server For Product Information Management | 2025-04-12 | N/A |
| The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to read arbitrary files via a crafted UNIX file parameter. | ||||
| CVE-2014-8832 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive. | ||||
| CVE-2014-8834 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file. | ||||
| CVE-2014-8839 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL. | ||||
| CVE-2014-8874 | 1 Kennziffer | 1 Ke Questionnaire | 2025-04-12 | N/A |
| The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request. | ||||
| CVE-2015-3044 | 7 Adobe, Apple, Linux and 4 more | 13 Flash Player, Mac Os X, Linux Kernel and 10 more | 2025-04-12 | N/A |
| Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | ||||
| CVE-2014-8921 | 1 Ibm | 1 Notes Traveler Companion | 2025-04-12 | N/A |
| The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by conducting a phishing attack involving an encrypted e-mail message. | ||||
| CVE-2015-1686 | 1 Microsoft | 2 Internet Explorer, Vbscript | 2025-04-12 | N/A |
| The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass." | ||||
| CVE-2014-9018 | 1 Icecast | 1 Icecast | 2025-04-12 | N/A |
| Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors. | ||||
| CVE-2014-9025 | 1 Commerceguys | 1 Commerce | 2025-04-12 | N/A |
| The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2014-9044 | 1 Owncloud | 1 Owncloud Server | 2025-04-12 | N/A |
| Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack. | ||||
| CVE-2014-9046 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol. | ||||