Total: 6955 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10351 | 1 Telegram Desktop | 1 Telegram Desktop | 2017-09-28 | 2.1 LOW | 5.5 MEDIUM |
Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users to obtain sensitive authentication information via standard filesystem operations. | |||||
CVE-2009-1341 | 1 Debian | 1 Libdbd-pg-perl | 2017-09-28 | 5.0 MEDIUM | N/A |
Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns. | |||||
CVE-2009-1870 | 1 Adobe | 3 Air, Flash Player, Flex | 2017-09-28 | 4.9 MEDIUM | N/A |
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability." | |||||
CVE-2009-1949 | 1 Unclassified | 1 Newsboard | 2017-09-28 | 7.8 HIGH | N/A |
import_wbb1.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | |||||
CVE-2009-2130 | 1 Elvinbts | 1 Elvinbts | 2017-09-28 | 5.0 MEDIUM | N/A |
Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) login.ei, (2) jump_bug.ei, or (3) create_account.ei in inc/ via a direct request. | |||||
CVE-2008-6420 | 1 Socialsitegenerator | 1 Social Site Generator | 2017-09-28 | 5.0 MEDIUM | N/A |
Social Site Generator (SSG) 2.0 allows remote attackers to read arbitrary files via the file parameter to (1) filedload.php, (2) webadmin/download.php, and (3) webadmin/download_file.php. | |||||
CVE-2008-6387 | 1 Activewebsoftwares | 1 Quick Tree View .net | 2017-09-28 | 5.0 MEDIUM | N/A |
Quick Tree View .NET 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to qtv.mdb. | |||||
CVE-2008-6537 | 1 Lightneasy | 1 Lightneasy | 2017-09-28 | 5.0 MEDIUM | N/A |
LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST. | |||||
CVE-2008-6872 | 1 Aspthai.net | 1 Aspthai Forums | 2017-09-28 | 5.0 MEDIUM | N/A |
ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/aspthaiForum.mdb. | |||||
CVE-2008-6955 | 1 Infireal | 1 Mxcamarchive | 2017-09-28 | 7.5 HIGH | N/A |
mxCamArchive 2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain configuration details and passwords via a direct request for archive/config.ini. | |||||
CVE-2008-7063 | 1 Ocean12tech | 1 Faq Manager Pro | 2017-09-28 | 5.0 MEDIUM | N/A |
Ocean12 FAQ Manager Pro stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for admin/o12faq.mdb. | |||||
CVE-2008-7069 | 1 Paul Arbogast | 1 Accms | 2017-09-28 | 7.5 HIGH | N/A |
All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat. | |||||
CVE-2008-7154 | 1 Docebo | 1 Docebo | 2017-09-28 | 5.0 MEDIUM | N/A |
Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) class/class.conf_fw.php, (2) class.module/class.event_manager.php, (3) lib/lib.domxml5.php, or (4) menu/menu_over.php in doceboCore/; or (5) class/class.conf_cms.php, (6) lib/lib.compose.php, (7) modules/chat/teleskill.php, or (8) class/class.admin_menu_cms.php in doceboCms/; which reveals the installation path in an error message. | |||||
CVE-2009-0358 | 1 Mozilla | 1 Firefox | 2017-09-28 | 3.3 LOW | N/A |
Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request. | |||||
CVE-2009-0453 | 1 Onlinegrades | 1 Online Grades | 2017-09-28 | 5.0 MEDIUM | N/A |
Online Grades 3.2.4 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | |||||
CVE-2009-0518 | 1 Vmware | 3 Vmware Esx, Vmware Esxi, Vmware Virtualcenter | 2017-09-28 | 2.1 LOW | N/A |
VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password. | |||||
CVE-2009-0521 | 2 Adobe, Linux | 2 Flash Player For Linux, Linux | 2017-09-28 | 4.6 MEDIUM | N/A |
Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH. | |||||
CVE-2009-0628 | 1 Cisco | 1 Cisco Ios | 2017-09-28 | 9.0 HIGH | N/A |
Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block (TCB) leak. | |||||
CVE-2009-0711 | 1 Vlad Alexa Mancini | 1 Phpfootball | 2017-09-28 | 5.0 MEDIUM | N/A |
filter.php in PHPFootball 1.6 and earlier allows remote attackers to retrieve password hashes via a request with an Accounts value for the dbtable parameter, in conjunction with a Password value for the dbfield parameter. NOTE: this has been reported as a SQL injection vulnerability by some sources, but the provenance of that information is unknown. | |||||
CVE-2008-5936 | 1 Mini-pub | 1 Mini-pub | 2017-09-28 | 5.0 MEDIUM | N/A |
front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers to read files and obtain PHP source code via a filename in the sFileName parameter. | |||||