Total
7102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2590 | 1 Nokia | 3 Groupwise Mobile Server, Intellisync Mobile Suite, Intellisync Wireless Email Express | 2018-10-16 | 6.4 MEDIUM | N/A |
| Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp. | |||||
| CVE-2007-1237 | 1 Bj Sintay | 1 Sitex | 2018-10-16 | 5.0 MEDIUM | N/A |
| sitex allows remote attackers to obtain potentially sensitive information via a ' (quote) value for certain parameters, as demonstrated by parameters used in forum and search, which forces a SQL error. | |||||
| CVE-2007-1194 | 1 Norman | 1 Norman Sandbox Analyzer | 2018-10-16 | 2.1 LOW | N/A |
| Norman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows attackers to produce malware that is more difficult to analyze. | |||||
| CVE-2007-1044 | 1 Pearson Education | 1 Powerschool | 2018-10-16 | 5.0 MEDIUM | N/A |
| Pearson Education PowerSchool 4.3.6 allows remote attackers to list the contents of the admin folder via a URI composed of the admin/ directory name and an arbitrary filename ending in ".js." NOTE: it was later reported that this issue had been addressed by 5.1.2. | |||||
| CVE-2007-1116 | 1 Mozilla | 1 Firefox | 2018-10-16 | 5.0 MEDIUM | N/A |
| The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI as a ChromeProtocol and can be loaded via JavaScript, which allows remote attackers to obtain sensitive information by querying the browser's session history. | |||||
| CVE-2007-0259 | 1 Ezboxx | 1 Ezboxx Portal System | 2018-10-16 | 7.8 HIGH | N/A |
| Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to obtain sensitive information via an invalid cat parameter to boxx/knowledgebase.asp, which reveals the path in an error message. | |||||
| CVE-2007-0011 | 1 Citrix | 1 Access Gateway | 2018-10-16 | 5.0 MEDIUM | N/A |
| The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including the a referer log, browser history, or browser cache. | |||||
| CVE-2006-6953 | 1 Globetrotter | 1 Mobility Manager | 2018-10-16 | 2.1 LOW | N/A |
| The virtual keyboard implementation in GlobeTrotter Mobility Manager changes the color of a key as it is pressed, which allows local users to capture arbitrary keystrokes, such as for passwords, by shoulder surfing or grabbing periodic screenshots. | |||||
| CVE-2008-0978 | 1 Double-take Software | 1 Double-take | 2018-10-15 | 5.0 MEDIUM | N/A |
| Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to obtain sensitive information via a packet of type (1) 0x2728, which provides operating system and path information; (2) 0x274e, which lists Ethernet adapters; (3) 0x2726, which provides filesystem information; (4) 0x274f, which specifies the printer driver; or (5) 0x2757, which provides recent log entries. | |||||
| CVE-2008-0901 | 2 Bea, Bea Systems | 2 Weblogic Server, Weblogic Server | 2018-10-15 | 7.1 HIGH | N/A |
| BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not. | |||||
| CVE-2008-0784 | 1 Cacti | 1 Cacti | 2018-10-15 | 5.0 MEDIUM | N/A |
| graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors. | |||||
| CVE-2008-0736 | 1 Shoppingtree | 1 Candypress Store | 2018-10-15 | 5.0 MEDIUM | N/A |
| admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly other 4.x and 3.x versions, allows remote attackers to obtain the path via a certain value of the FedExAccount parameter. | |||||
| CVE-2008-0636 | 1 Level Platforms | 1 Managed Workplace Service Center | 2018-10-15 | 5.0 MEDIUM | N/A |
| Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x and 6.x allows remote attackers to obtain sensitive information via a direct request to About/SC_About.htm, which provides version and patch information. | |||||
| CVE-2008-0593 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-15 | 4.3 MEDIUM | N/A |
| Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems. | |||||
| CVE-2008-0420 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-15 | 9.3 HIGH | N/A |
| modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10. | |||||
| CVE-2008-0395 | 1 Kayako | 1 Supportsuite | 2018-10-15 | 5.0 MEDIUM | N/A |
| Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal. | |||||
| CVE-2008-0136 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2018-10-15 | 5.0 MEDIUM | N/A |
| Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive information via a direct request to forum/whereami.asp, which reveals the database path. | |||||
| CVE-2008-0191 | 1 Wordpress | 1 Wordpress | 2018-10-15 | 5.0 MEDIUM | N/A |
| WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure. | |||||
| CVE-2008-0195 | 1 Wordpress | 1 Wordpress | 2018-10-15 | 5.0 MEDIUM | N/A |
| WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages. | |||||
| CVE-2008-0082 | 1 Microsoft | 1 Windows Messenger | 2018-10-15 | 10.0 HIGH | N/A |
| An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors. | |||||