Total
10191 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3903 | 2 Asterisk, Trixbox | 2 P B X, Pbx | 2025-04-09 | N/A |
| Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreject are enabled, generates different responses depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2008-3900 | 1 Intel | 1 Bios | 2025-04-09 | N/A |
| Intel firmware PE94510M.86A.0050.2007.0710.1559 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | ||||
| CVE-2009-0852 | 1 Stewart Howe | 1 Celerbb | 2025-04-09 | N/A |
| showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter. | ||||
| CVE-2007-5576 | 2 Bea, Oracle | 5 Tuxedo, Weblogic Integration, Weblogic Server and 2 more | 2025-04-09 | N/A |
| BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands. | ||||
| CVE-2008-1111 | 1 Lighttpd | 1 Lighttpd | 2025-04-09 | N/A |
| mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information. | ||||
| CVE-2009-1293 | 1 Novell | 1 Teaming | 2025-04-09 | N/A |
| The web login functionality (c/portal/login) in Novell Teaming 1.0 through SP3 (1.0.3) generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames. | ||||
| CVE-2006-6637 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests." | ||||
| CVE-2009-1296 | 1 Ubuntu | 2 73-oubuntu, Ubuntu | 2025-04-09 | N/A |
| The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root. | ||||
| CVE-2009-1870 | 2 Adobe, Redhat | 4 Air, Flash Player, Flex and 1 more | 2025-04-09 | N/A |
| Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability." | ||||
| CVE-2009-1949 | 1 Unclassified | 1 Newsboard | 2025-04-09 | N/A |
| import_wbb1.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | ||||
| CVE-2009-4535 | 1 Valenok | 1 Mongoose | 2025-04-09 | N/A |
| Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending a / (slash) character to the URI. | ||||
| CVE-2006-6886 | 1 Phpwcms | 1 Phpwcms | 2025-04-09 | N/A |
| phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages. | ||||
| CVE-2009-4073 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | N/A |
| The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page. | ||||
| CVE-2009-4254 | 1 Phpee | 1 Pphlogger | 2025-04-09 | N/A |
| PowerPhlogger 2.2.5 allows remote attackers to obtain sensitive information via a direct request to (1) edCss.inc.php, (2) foot.inc.php, (3) get_csscolors.inc.php, (4) head.inc.php, (5) head_stuff.inc.php, (6) loglist.inc.php, and (7) pphlogger_send.inc.php in include/, which reveals the installation path in an error message. | ||||
| CVE-2007-0058 | 1 Cisco | 1 Network Admission Control Manager And Server System Software | 2025-04-09 | N/A |
| Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file. | ||||
| CVE-2009-4333 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
| The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command. | ||||
| CVE-2007-6095 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2025-04-09 | N/A |
| The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might allow remote authenticated users to receive messages intended for other users. | ||||
| CVE-2009-4529 | 1 Intervations | 1 Navicopa Web Server | 2025-04-09 | N/A |
| InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs. | ||||
| CVE-2009-4530 | 1 Sergey Lyubka | 1 Mongoose | 2025-04-09 | N/A |
| Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI. | ||||
| CVE-2009-4531 | 1 Jasper | 1 Httpdx | 2025-04-09 | N/A |
| httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI. | ||||