Total
6955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6744 | 1 Flexerasoftware | 1 Installshield | 2012-01-19 | 2.1 LOW | N/A |
| Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an incorrect interaction between InstallShield and Signcode.exe. | |||||
| CVE-2011-2769 | 1 Tor | 1 Tor | 2012-01-18 | 4.3 MEDIUM | N/A |
| Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values. | |||||
| CVE-2011-3220 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-13 | 4.3 MEDIUM | N/A |
| QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. | |||||
| CVE-2011-0231 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-13 | 5.0 MEDIUM | N/A |
| CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue." | |||||
| CVE-2011-4896 | 1 Tor | 1 Tor | 2011-12-29 | 4.3 MEDIUM | N/A |
| Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridge port. | |||||
| CVE-2011-4897 | 1 Tor | 1 Tor | 2011-12-29 | 4.3 MEDIUM | N/A |
| Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname configuration option, uses the local hostname as the Nickname value, which allows remote attackers to obtain potentially sensitive information by reading this value. | |||||
| CVE-2011-4894 | 1 Tor | 1 Tor | 2011-12-22 | 4.3 MEDIUM | N/A |
| Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which makes it easier for remote attackers to enumerate bridges by observing DirPort connections. | |||||
| CVE-2011-4895 | 1 Tor | 1 Tor | 2011-12-22 | 4.3 MEDIUM | N/A |
| Tor before 0.2.2.34, when configured as a bridge, sets up circuits through a process different from the process used by a client, which makes it easier for remote attackers to enumerate bridges by observing circuit building. | |||||
| CVE-2011-4766 | 1 Parallels | 1 Parallels Plesk Small Business Panel | 2011-12-16 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allows remote attackers to obtain ASP source code via a direct request to wysiwyg/fckconfig.js. NOTE: CVE disputes this issue because ASP is only used in a JavaScript comment. | |||||
| CVE-2011-4850 | 2 Microsoft, Parallels | 3 Windows 2003 Server, Windows Server 2008, Parallels Plesk Panel | 2011-12-16 | 4.3 MEDIUM | N/A |
| The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by help.php and certain other files. | |||||
| CVE-2011-4497 | 1 Asus | 2 Rt-n56u, Rt-n56u Firmware | 2011-11-21 | 3.3 LOW | N/A |
| QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request. | |||||
| CVE-2011-4457 | 1 Owasp-java-html-sanitizer Project | 1 Owasp-java-html-sanitizer | 2011-11-17 | 2.6 LOW | N/A |
| OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element. | |||||
| CVE-2011-2774 | 1 Mahara | 1 Mahara | 2011-11-14 | 4.0 MEDIUM | N/A |
| The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter. | |||||
| CVE-2011-0736 | 1 Adobe | 1 Coldfusion | 2011-11-07 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to use a DBMS, allows remote attackers to obtain potentially sensitive information about the database structure via an id=- query to a .cfm file. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure. | |||||
| CVE-2011-0737 | 1 Adobe | 1 Coldfusion | 2011-11-07 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure. | |||||
| CVE-2011-0197 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-10-26 | 2.1 LOW | N/A |
| App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions. | |||||
| CVE-2010-4804 | 1 Google | 1 Android | 2011-10-26 | 4.3 MEDIUM | N/A |
| The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/. | |||||
| CVE-2011-3720 | 1 Conceptcms | 1 Conceptcms | 2011-10-20 | 5.0 MEDIUM | N/A |
| conceptcms 5.3.1, 5.3.3, and possibly other versions allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by sys_libs/umlib/um_authserver.inc.php and certain other files. | |||||
| CVE-2011-0187 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2011-10-20 | 4.3 MEDIUM | N/A |
| The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect. | |||||
| CVE-2011-3253 | 1 Apple | 1 Iphone Os | 2011-10-14 | 2.6 LOW | N/A |
| CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate. | |||||