Export limit exceeded: 10367 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10367 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-3711 | 1 Bigace | 1 Bigace | 2025-04-11 | N/A |
| BIGACE 2.7.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/libs/javascript.inc.php and certain other files. | ||||
| CVE-2011-3702 | 1 Anantasoft | 1 Ananta Gazelle | 2025-04-11 | N/A |
| Ananta Gazelle 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/template.php and certain other files. | ||||
| CVE-2011-3699 | 1 John Lim | 1 Adodb | 2025-04-11 | N/A |
| John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/test-active-record.php and certain other files. | ||||
| CVE-2011-3697 | 1 Achievo | 1 Achievo | 2025-04-11 | N/A |
| Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraph_radar.php and certain other files. | ||||
| CVE-2011-3695 | 1 111webcalendar | 1 111webcalendar | 2025-04-11 | N/A |
| 111WebCalendar 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by footer.php and certain other files. | ||||
| CVE-2011-3670 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | N/A |
| Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. | ||||
| CVE-2011-3663 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | N/A |
| Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page. | ||||
| CVE-2011-3404 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | N/A |
| Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Content-Disposition Information Disclosure Vulnerability." | ||||
| CVE-2011-3220 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. | ||||
| CVE-2012-4909 | 1 Google | 2 Android, Chrome | 2025-04-11 | N/A |
| Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application. | ||||
| CVE-2013-4301 | 1 Mediawiki | 1 Mediawiki | 2025-04-11 | N/A |
| includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to obtain sensitive information via a "<" (open angle bracket) character in the lang parameter to w/load.php, which reveals the installation path in an error message. | ||||
| CVE-2013-3319 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128. | ||||
| CVE-2011-2784 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 13.0.782.107 allows remote attackers to obtain sensitive information via a request for the GL program log, which reveals a local path in an unspecified log entry. | ||||
| CVE-2012-4198 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 has a different outcome for a groups request depending on whether a group exists, which allows remote authenticated users to discover private group names by observing whether a call throws an error. | ||||
| CVE-2011-1498 | 1 Apache | 1 Httpclient | 2025-04-11 | N/A |
| Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header. | ||||
| CVE-2011-1246 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | N/A |
| Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which allows remote web servers to obtain sensitive information from a different (1) domain or (2) zone via a crafted response, aka "MIME Sniffing Information Disclosure Vulnerability." | ||||
| CVE-2012-4013 | 1 Cybozu | 1 Kunai Browser For Remote Service | 2025-04-11 | N/A |
| The WebView class in the Cybozu KUNAI Browser for Remote Service application beta for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. | ||||
| CVE-2012-4007 | 2 Google, Mixi | 2 Android, Mixi | 2025-04-11 | N/A |
| The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card. | ||||
| CVE-2012-4006 | 3 Google, Gree, Kddi \& Gree | 9 Android, Gree, Haconiwa and 6 more | 2025-04-11 | N/A |
| The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus application before 1.3.5, GREE haconiwa application before 1.1.0, GREE Seisen Cerberus application before 1.1.0, and KDDI&GREE GREE Market application before 2.1.2 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | ||||
| CVE-2011-0197 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions. | ||||