Total: 8775 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-3793 | 1 Lucidcrew | 1 Pixie | 2024-09-17 | N/A |
Pixie 1.04 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/modules/static.php and certain other files. | ||||
CVE-2011-3718 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-09-17 | N/A |
CMS Made Simple (CMSMS) 1.9.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/TinyMCE/TinyMCE.module.php and certain other files. NOTE: this might overlap CVE-2007-5444. | ||||
CVE-2017-13304 | 1 Google | 1 Android | 2024-09-17 | N/A |
An information disclosure vulnerability in the Upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-70576999. | ||||
CVE-2011-3729 | 1 Dotproject | 1 Dotproject | 2024-09-17 | N/A |
dotproject 2.1.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by style/dp-grey-theme/footer.php and certain other files. | ||||
CVE-2017-8572 | 1 Microsoft | 1 Outlook | 2024-09-17 | N/A |
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information disclosure vulnerability due to the way that it discloses the contents of its memory, aka "Microsoft Office Outlook Information Disclosure Vulnerability". | ||||
CVE-2017-0815 | 1 Google | 1 Android | 2024-09-17 | N/A |
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63526567. | ||||
CVE-2017-11511 | 1 Manageengine | 1 Servicedesk | 2024-09-17 | N/A |
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. | ||||
CVE-2018-1528 | 1 Ibm | 8 Maximo Asset Management, Maximo For Aviation, Maximo For Life Sciences and 5 more | 2024-09-17 | N/A |
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290. | ||||
CVE-2021-45475 | 1 Yordam | 1 Library Automation System | 2024-09-17 | 5.3 Medium |
Yordam Library Information Document Automation product before version 19.02 has an unauthenticated Information disclosure vulnerability. | ||||
CVE-2018-1675 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-09-17 | N/A |
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes stored in system memory on target systems that are configured to use TADDM. IBM X-Force ID: 145110. | ||||
CVE-2013-4272 | 2 Botcha Spam Prevention Project, Drupal | 2 Botcha, Drupal | 2024-09-17 | N/A |
The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain sensitive information such as usernames and passwords by reading the log file. | ||||
CVE-2017-8688 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-09-17 | N/A |
Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8685. | ||||
CVE-2022-41618 | 1 Davidlingren | 1 Media Library Assistant | 2024-09-17 | 3.7 Low |
Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress. | ||||
CVE-2022-28764 | 1 Zoom | 3 Meetings, Rooms, Vdi Windows Meeting Clients | 2024-09-17 | 3.3 Low |
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account. | ||||
CVE-2019-11268 | 1 Pivotal Software | 1 Cloud Foundry Uaa-release | 2024-09-17 | 4.3 Medium |
Cloud Foundry UAA versions prior to 73.3.0 contain endpoints that contain improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones. | ||||
CVE-2018-20606 | 1 Txjia | 1 Imcat | 2024-09-17 | N/A |
imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI. | ||||
CVE-2009-4300 | 1 Moodle | 1 Moodle | 2024-09-17 | N/A |
Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors. | ||||
CVE-2012-2302 | 2 Drupal, Nancy Wichmann | 2 Drupal, Sitedoc | 2024-09-17 | N/A |
Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
CVE-2012-4046 | 1 Dlink | 2 Dcs-932l, Dcs-932l Firmware | 2024-09-17 | N/A |
The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value. | ||||
CVE-2021-21564 | 1 Dell | 1 Openmanage Enterprise | 2024-09-17 | 9.8 Critical |
Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data. | ||||