Total
9896 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0736 | 1 Shoppingtree | 1 Candypress Store | 2025-04-09 | N/A |
| admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly other 4.x and 3.x versions, allows remote attackers to obtain the path via a certain value of the FedExAccount parameter. | ||||
| CVE-2009-3951 | 2 Adobe, Microsoft | 3 Adobe Air, Flash Player, Windows | 2025-04-09 | N/A |
| Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820. | ||||
| CVE-2009-4073 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | N/A |
| The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page. | ||||
| CVE-2009-0278 | 1 Sun | 1 Java System Application Server | 2025-04-09 | N/A |
| Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request. | ||||
| CVE-2007-5264 | 1 Battlefront | 1 Dropteam | 2025-04-09 | N/A |
| Battlefront Dropteam 1.3.3 and earlier sends the client's online account name and password to the game server, which allows malicious game servers to steal account information. | ||||
| CVE-2008-6981 | 1 Phpadultsite | 1 Phpadultsite Cms | 2025-04-09 | N/A |
| index.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to obtain the full installation path via an invalid results_per_page parameter, which leaks the path in an error message. NOTE: this issue might be resultant from a separate SQL injection vulnerability. | ||||
| CVE-2009-3086 | 1 Rubyonrails | 1 Rails | 2025-04-09 | N/A |
| A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts. | ||||
| CVE-2009-0348 | 1 Sun | 1 Java System Access Manager | 2025-04-09 | N/A |
| The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2006-6886 | 1 Phpwcms | 1 Phpwcms | 2025-04-09 | N/A |
| phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages. | ||||
| CVE-2008-7146 | 1 Intralearn | 1 Intralearn | 2025-04-09 | N/A |
| IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allows remote attackers to obtain sensitive information via a direct request to (1) Knowledge_Impact_Course.htm, (2) LRN-formatted_Course.htm, or (3) Create_Course.htm in help/1/Instructor/, which reveals the installation path in an error message. | ||||
| CVE-2007-6197 | 1 Bea | 1 Aqualogic Interaction | 2025-04-09 | N/A |
| The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page. | ||||
| CVE-2009-1703 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document. | ||||
| CVE-2009-3452 | 1 Radactive | 1 I-load | 2025-04-09 | N/A |
| WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to obtain sensitive information via unspecified requests that trigger responses containing the saved-image folder pathname. | ||||
| CVE-2009-1700 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2025-04-09 | N/A |
| The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document. | ||||
| CVE-2008-4033 | 1 Microsoft | 13 Expression Web, Groove, Office and 10 more | 2025-04-09 | N/A |
| Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability." | ||||
| CVE-2009-2130 | 1 Elvinbts | 1 Elvinbts | 2025-04-09 | N/A |
| Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) login.ei, (2) jump_bug.ei, or (3) create_account.ei in inc/ via a direct request. | ||||
| CVE-2007-3008 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2025-04-09 | N/A |
| Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398. | ||||
| CVE-2008-6896 | 1 3cx | 1 Phone System | 2025-04-09 | N/A |
| login.php in 3CX Phone System 6.0.806.0, when 100% disk capacity is reached, allows remote attackers to gain sensitive information via unspecified vectors that reveal the installation path. | ||||
| CVE-2009-1076 | 1 Sun | 1 Java System Identity Manager | 2025-04-09 | N/A |
| Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2008-6159 | 1 Hans Oesterholt | 1 Cmme | 2025-04-09 | N/A |
| Content Management Made Easy (CMME) 1.19 allows remote attackers to obtain system information via a direct request to info.php, which invokes the phpinfo function. | ||||