Total
6955 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-3171 | 1 Apple | 1 Safari | 2017-08-07 | 5.0 MEDIUM | N/A |
Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||||
CVE-2008-3259 | 1 Openbsd | 1 Openssh | 2017-08-07 | 1.2 LOW | N/A |
OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform. | |||||
CVE-2008-3339 | 1 Avidweb Technologies | 1 Jobbex Jobsite | 2017-08-07 | 6.8 MEDIUM | N/A |
search_result.cfm in Jobbex JobSite allows remote attackers to obtain sensitive information via unspecified vectors that reveal the installation path in an error message. | |||||
CVE-2008-3451 | 1 Phpwebgallery | 1 Phpwebgallery | 2017-08-07 | 4.0 MEDIUM | N/A |
PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile. | |||||
CVE-2008-3539 | 2 Hp, Microsoft | 12 Hpsi Acf2 Connector, Hpsi Active Directory Connector, Hpsi Bidir Dirx Connector and 9 more | 2017-08-07 | 2.1 LOW | N/A |
Unspecified vulnerability in HP OpenView Select Identity (HPSI) Connectors on Windows, as used in HPSI Active Directory Connector 2.30 and earlier, HPSI SunOne Connector 1.14 and earlier, HPSI eDirectory Connector 1.12 and earlier, HPSI eTrust Connector 1.02 and earlier, HPSI OID Connector 1.02 and earlier, HPSI IBM Tivoli Dir Connector 1.02 and earlier, HPSI TOPSecret Connector 2.22.001 and earlier, HPSI RACF Connector 1.12.001 and earlier, HPSI ACF2 Connector 1.02 and earlier, HPSI OpenLDAP Connector 1.02 and earlier, and HPSI BiDir DirX Connector 1.00.003 and earlier, allows local users to obtain sensitive information via unknown vectors. | |||||
CVE-2008-3550 | 1 Ibm | 1 Rational Clearquest | 2017-08-07 | 5.0 MEDIUM | N/A |
The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability. | |||||
CVE-2008-1288 | 1 Ibm | 1 Rational Clearquest | 2017-08-07 | 5.0 MEDIUM | N/A |
IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies. | |||||
CVE-2008-1318 | 1 Mediawiki | 1 Mediawiki | 2017-08-07 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results. | |||||
CVE-2008-1330 | 1 Novell | 1 Groupwise | 2017-08-07 | 3.5 LOW | N/A |
Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker. | |||||
CVE-2008-1578 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 2.1 LOW | N/A |
The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process. | |||||
CVE-2008-1579 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 5.0 MEDIUM | N/A |
Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog. | |||||
CVE-2008-1567 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-08-07 | 2.1 LOW | N/A |
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. | |||||
CVE-2008-1580 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2017-08-07 | 4.3 MEDIUM | N/A |
CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879. | |||||
CVE-2008-1618 | 1 Watchguard | 1 Firebox Pptp Vpn | 2017-08-07 | 5.0 MEDIUM | N/A |
The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames. | |||||
CVE-2008-1752 | 1 Achmad Zaenuri | 1 Ezradius | 2017-08-07 | 7.5 HIGH | N/A |
ezRADIUS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for (1) config.ini or (2) database.ini. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-1924 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-08-07 | 3.5 LOW | N/A |
Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable. | |||||
CVE-2008-2049 | 1 E-post Corporation | 1 Mail Server | 2017-08-07 | 4.3 MEDIUM | N/A |
The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows remote attackers to obtain sensitive information via multiple crafted APOP commands for a known POP3 account, which displays the password in a POP3 error message. | |||||
CVE-2008-2120 | 1 Sun | 2 Java System Application Server, Java System Web Server | 2017-08-07 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors. | |||||
CVE-2008-2318 | 1 Apple | 2 Xcode, Xcode Tools | 2017-08-07 | 5.0 MEDIUM | N/A |
The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs. | |||||
CVE-2008-2329 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 1.9 LOW | N/A |
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window. |