Total
6955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5654 | 2 Drupal, Nodewords Project | 2 Drupal, Nodewords | 2013-01-02 | 4.3 MEDIUM | N/A |
| The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sensitive information by reading the (1) description, (2) dc.description or (3) og:description meta tags. | |||||
| CVE-2012-6466 | 1 Opera | 1 Opera Browser | 2013-01-02 | 5.0 MEDIUM | N/A |
| Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas. | |||||
| CVE-2012-6337 | 1 Samsung | 4 Galaxy Note 2, Galaxy S, Galaxy S2 and 1 more | 2012-12-31 | 3.3 LOW | N/A |
| The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data. | |||||
| CVE-2012-5055 | 1 Vmware | 1 Springsource Spring Security | 2012-12-27 | 5.0 MEDIUM | N/A |
| DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests. | |||||
| CVE-2012-5589 | 2 Drupal, Netgenius | 2 Drupal, Multilink | 2012-12-26 | 3.5 LOW | N/A |
| The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link. | |||||
| CVE-2009-2899 | 1 Vmware | 1 Hyperic Hq | 2012-12-23 | 2.1 LOW | N/A |
| The monitor perl script in the Sybase database plug-in in SpringSource Hyperic HQ before 4.3 allows local users to obtain the database password by listing the process and its arguments. | |||||
| CVE-2012-4005 | 1 Naver | 1 Nhn Japan Naver Line | 2012-12-17 | 5.0 MEDIUM | N/A |
| The NHN Japan NAVER LINE application before 2.5.5 for Android does not properly handle implicit intents, which allows remote attackers to obtain sensitive message information via a crafted application. | |||||
| CVE-2012-5544 | 2 Drupal, Thinkshout | 2 Drupal, Mandrill | 2012-12-16 | 4.0 MEDIUM | N/A |
| The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard. | |||||
| CVE-2012-4976 | 1 Layton Technology | 1 Helpbox | 2012-12-12 | 5.0 MEDIUM | N/A |
| selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an error page. | |||||
| CVE-2012-6313 | 2 Simple Gmail Login, Wordpress | 3 1.1.2, 1.1.3, Wordpress | 2012-12-11 | 5.0 MEDIUM | N/A |
| simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace. | |||||
| CVE-2012-5554 | 2 Coleman Watts, Drupal | 2 Webform Civicrm, Drupal | 2012-12-03 | 5.0 MEDIUM | N/A |
| The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading webforms. | |||||
| CVE-2012-3694 | 1 Apple | 1 Safari | 2012-11-29 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site. | |||||
| CVE-2012-4583 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2012-11-19 | 4.0 MEDIUM | N/A |
| McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard. | |||||
| CVE-2012-5172 | 1 Asial | 1 Monaca Debugger | 2012-11-18 | 5.0 MEDIUM | N/A |
| The Asial Monaca Debugger application before 1.4.2 for Android allows remote attackers to obtain sensitive (1) account or (2) session ID information in a system log file via a crafted application. | |||||
| CVE-2012-1786 | 2 Kylegilman, Wordpress | 2 Video Embed \& Thumbnail Generator, Wordpress | 2012-11-05 | 5.0 MEDIUM | N/A |
| The Media Upload form in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to obtain the installation path via unknown vectors. | |||||
| CVE-2011-4597 | 1 Digium | 1 Asterisk | 2012-11-05 | 5.0 MEDIUM | N/A |
| The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests. | |||||
| CVE-2008-4216 | 1 Apple | 1 Safari | 2012-10-30 | 4.3 MEDIUM | N/A |
| The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files." | |||||
| CVE-2008-3644 | 1 Apple | 1 Safari | 2012-10-30 | 1.9 LOW | N/A |
| Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache. | |||||
| CVE-2007-5379 | 1 David Hansson | 1 Ruby On Rails | 2012-10-30 | 5.0 MEDIUM | N/A |
| Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file. | |||||
| CVE-2011-3309 | 1 Cisco | 2 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software | 2012-10-29 | 4.3 MEDIUM | N/A |
| Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 process IKE requests despite a vpnclient mode configuration, which allows remote attackers to obtain potentially sensitive information by reading IKE responder traffic, aka Bug ID CSCtt07749. | |||||