Total
8795 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5129 | 1 Boesch-it | 1 Simpgb | 2024-11-21 | N/A |
| SimpGB 1.46.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain sensitive configuration information via a direct request for admin/cfginfo.php; and (2) download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc. | ||||
| CVE-2007-5034 | 2 Elinks, Redhat | 2 Elinks, Enterprise Linux | 2024-11-21 | N/A |
| ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https. | ||||
| CVE-2007-5028 | 1 Dibbler | 1 Dibbler | 2024-11-21 | N/A |
| Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors. | ||||
| CVE-2007-5022 | 1 Ibm | 1 Tivoli Storage Manager Client | 2024-11-21 | N/A |
| Unspecified vulnerability in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2, when using "server-initiated prompted scheduling," allows remote attackers to read a client's data, aka IC53616. | ||||
| CVE-2007-5011 | 1 Wilson Windowware | 1 Webbatch | 2024-11-21 | N/A |
| webbatch.exe in WebBatch allows remote attackers to obtain sensitive information via the dumpinputdata parameter. | ||||
| CVE-2007-4991 | 1 Microsoft | 1 Isa Server | 2024-11-21 | N/A |
| The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet. | ||||
| CVE-2007-4861 | 1 Quirm | 1 Saxon | 2024-11-21 | N/A |
| SAXON 5.4, with display_errors enabled, allows remote attackers to obtain sensitive information via (1) a direct request for news.php, (2) an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in (3) admin/, (4) rss/, and (5) the root directory of the installation, which reveal the path in various error messages. | ||||
| CVE-2007-4688 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | N/A |
| The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query. | ||||
| CVE-2007-4669 | 1 Firebirdsql | 1 Firebird | 2024-11-21 | N/A |
| The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148. | ||||
| CVE-2007-4656 | 1 Backup Manager | 1 Backup Manager | 2024-11-21 | N/A |
| backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766. | ||||
| CVE-2007-4655 | 1 Cgi-rescue | 1 Shopping Basket Professional | 2024-11-21 | N/A |
| Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via directory traversal sequences in unspecified parameters to (1) list.cgi or (2) list2.cgi. | ||||
| CVE-2007-4514 | 1 Hp | 1 Procurve Manager | 2024-11-21 | N/A |
| Unspecified vulnerability in HP ProCurve Manager and HP ProCurve Manager Plus 2.3 and earlier allows remote attackers to obtain sensitive information from the ProCurve Manager server via unknown attack vectors. | ||||
| CVE-2007-3850 | 3 Apple, Linux, Redhat | 3 Powerpc, Linux Kernel, Enterprise Linux | 2024-11-21 | N/A |
| The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on PowerPC, does not properly map userspace resources, which allows local users to read portions of physical address space. | ||||
| CVE-2007-3756 | 2 Apple, Microsoft | 5 Iphone Os, Mac Os X, Safari and 2 more | 2024-11-21 | N/A |
| Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain. | ||||
| CVE-2007-3656 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2024-11-21 | N/A |
| Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs. | ||||
| CVE-2007-3651 | 1 Fascript | 1 Faname | 2024-11-21 | N/A |
| class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the id parameter, which reveals the installation path in an error message. | ||||
| CVE-2007-3650 | 1 Mywebland | 1 Mybloggie | 2024-11-21 | N/A |
| myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages. | ||||
| CVE-2007-3385 | 2 Apache, Redhat | 7 Tomcat, Certificate System, Enterprise Linux and 4 more | 2024-11-21 | N/A |
| Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. | ||||
| CVE-2007-3382 | 2 Apache, Redhat | 7 Tomcat, Certificate System, Enterprise Linux and 4 more | 2024-11-21 | N/A |
| Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks. | ||||
| CVE-2007-3074 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read files in the local Firefox installation directory via a resource:// URI. | ||||