Total
10190 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6063 | 1 Microsoft | 1 Word | 2025-04-09 | N/A |
| Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name. | ||||
| CVE-2008-2246 | 1 Microsoft | 2 Windows-nt, Windows Vista | 2025-04-09 | N/A |
| Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions. | ||||
| CVE-2008-1113 | 2 Cisco, Vocera Communications | 2 7921 Wireless Ip Phone, Vocera Communications Badge | 2025-04-09 | N/A |
| Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks. | ||||
| CVE-2008-2018 | 1 Phpizabi | 1 Phpizabi | 2025-04-09 | N/A |
| The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a "{user.password}" comment in the profile of the admin user. | ||||
| CVE-2007-5473 | 2 Microsoft, Mono | 2 Windows, Mono | 2025-04-09 | N/A |
| StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP. | ||||
| CVE-2006-5725 | 1 Aep Networks | 1 Smartgate Ssl Server | 2025-04-09 | N/A |
| The SSL server in AEP Smartgate 4.3b allows remote attackers to determine existence of directories via a direct request for a directory URI, which returns different HTTP status codes for existing and non-existing directories. | ||||
| CVE-2008-3040 | 1 Typo3 | 1 Dam Frontend Extension | 2025-04-09 | N/A |
| Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | ||||
| CVE-2008-3060 | 1 V-webmail | 1 V-webmail | 2025-04-09 | N/A |
| V-webmail 1.5.0 allows remote attackers to obtain sensitive information via (1) malformed input in the login page (includes/local.hooks.php) and (2) an invalid session ID, which reveals the installation path in an error message. | ||||
| CVE-2008-1782 | 1 Advanced Software Engineering | 1 Chartdirector | 2025-04-09 | N/A |
| phpdemo/viewsource.php in Advanced Software Engineering ChartDirector 4.1 allows remote attackers to read sensitive files via the file parameter. | ||||
| CVE-2008-3914 | 1 Clamav | 1 Clamav | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c. | ||||
| CVE-2008-3339 | 1 Avidweb Technologies | 1 Jobbex Jobsite | 2025-04-09 | N/A |
| search_result.cfm in Jobbex JobSite allows remote attackers to obtain sensitive information via unspecified vectors that reveal the installation path in an error message. | ||||
| CVE-2008-3168 | 1 Empire Server | 1 Empire Server | 2025-04-09 | N/A |
| The files utility in Empire Server before 4.3.15 discloses the world creation time, which makes it easier for attackers to determine the PRNG seed. | ||||
| CVE-2009-2042 | 2 Libpng, Redhat | 2 Libpng, Enterprise Linux | 2025-04-09 | N/A |
| libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file. | ||||
| CVE-2007-5431 | 2 Javaatwork, Scottmanktelow | 2 Myftpuploader Module, Stride | 2025-04-09 | N/A |
| include/imageupload.js in the MyFTPUploader module in Stride 1.0 contains sensitive information including FTP login credentials, which might allow remote attackers to gain unauthorized access to the FTP server being used by the module by viewing the source code. | ||||
| CVE-2007-5444 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-09 | N/A |
| CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full path via a direct request for unspecified files. | ||||
| CVE-2008-2723 | 1 Menalto | 1 Gallery | 2025-04-09 | N/A |
| embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the remote address." | ||||
| CVE-2008-3400 | 1 Xrms | 1 Xrms Crm | 2025-04-09 | N/A |
| XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function. | ||||
| CVE-2008-0085 | 1 Microsoft | 7 Data Engine, Sql Server, Sql Server Desktop Engine and 4 more | 2025-04-09 | N/A |
| SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse. | ||||
| CVE-2007-3074 | 1 Mozilla | 1 Firefox | 2025-04-09 | N/A |
| Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read files in the local Firefox installation directory via a resource:// URI. | ||||
| CVE-2007-5899 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Application Stack | 2025-04-09 | N/A |
| The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID. | ||||