Total
7102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4583 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2012-11-20 | 4.0 MEDIUM | N/A |
| McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard. | |||||
| CVE-2012-5172 | 1 Asial | 1 Monaca Debugger | 2012-11-19 | 5.0 MEDIUM | N/A |
| The Asial Monaca Debugger application before 1.4.2 for Android allows remote attackers to obtain sensitive (1) account or (2) session ID information in a system log file via a crafted application. | |||||
| CVE-2012-1786 | 2 Kylegilman, Wordpress | 2 Video Embed \& Thumbnail Generator, Wordpress | 2012-11-06 | 5.0 MEDIUM | N/A |
| The Media Upload form in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to obtain the installation path via unknown vectors. | |||||
| CVE-2011-4597 | 1 Digium | 1 Asterisk | 2012-11-06 | 5.0 MEDIUM | N/A |
| The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests. | |||||
| CVE-2008-4216 | 1 Apple | 1 Safari | 2012-10-31 | 4.3 MEDIUM | N/A |
| The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files." | |||||
| CVE-2008-3644 | 1 Apple | 1 Safari | 2012-10-31 | 1.9 LOW | N/A |
| Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache. | |||||
| CVE-2007-5379 | 1 David Hansson | 1 Ruby On Rails | 2012-10-31 | 5.0 MEDIUM | N/A |
| Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file. | |||||
| CVE-2012-3996 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2012-10-24 | 5.0 MEDIUM | N/A |
| TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php. | |||||
| CVE-2011-3798 | 1 Rapidleech | 1 Rapidleech | 2012-10-24 | 5.0 MEDIUM | N/A |
| Rapid Leech 2.3-v42-svn322 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by classes/pear.php and certain other files. | |||||
| CVE-2008-5461 | 1 Oracle | 1 Bea Product Suite | 2012-10-23 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is cross-site scripting. | |||||
| CVE-2008-5460 | 1 Oracle | 1 Bea Product Suite | 2012-10-23 | 2.6 LOW | N/A |
| Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote attackers to affect confidentiality via unknown vectors. | |||||
| CVE-2011-3814 | 1 K5n | 1 Webcalendar | 2012-10-13 | 5.0 MEDIUM | N/A |
| WebCalendar 1.2.3, and other versions before 1.2.5, allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by ws/user_mod.php and certain other files. | |||||
| CVE-2011-5067 | 1 Sitracker | 1 Support Incident Tracker | 2012-10-12 | 4.0 MEDIUM | N/A |
| move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message. | |||||
| CVE-2011-2084 | 1 Bestpractical | 1 Rt | 2012-09-29 | 4.0 MEDIUM | N/A |
| Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access to a privileged account. | |||||
| CVE-2012-3034 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2012-09-19 | 4.3 MEDIUM | N/A |
| WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified methods in ActiveX controls. | |||||
| CVE-2010-4822 | 1 Silverstripe | 1 Silverstripe | 2012-09-18 | 4.3 MEDIUM | N/A |
| core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in "live mode," allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters. | |||||
| CVE-2012-4013 | 1 Cybozu | 1 Kunai Browser For Remote Service | 2012-09-17 | 4.3 MEDIUM | N/A |
| The WebView class in the Cybozu KUNAI Browser for Remote Service application beta for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. | |||||
| CVE-2012-4909 | 1 Google | 2 Android, Chrome | 2012-09-14 | 4.3 MEDIUM | N/A |
| Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application. | |||||
| CVE-2012-1579 | 1 Mediawiki | 1 Mediawiki | 2012-09-10 | 5.0 MEDIUM | N/A |
| The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2012-4012 | 1 Cybozu | 1 Kunai | 2012-09-10 | 4.3 MEDIUM | N/A |
| The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. | |||||