Export limit exceeded: 10441 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10441 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-4332 | 2 Barandisolutions, Wordpress | 2 Shareyourcart, Wordpress | 2025-04-11 | N/A |
| The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors related to the SDK. | ||||
| CVE-2012-4257 | 1 George Karpouzas | 1 Yet Another Question \& Answer System | 2025-04-11 | N/A |
| Yaqas (Yet Another Question & Answer System) 1.0 Alpha 1 allows remote attackers to obtain sensitive information via an invalid character in the PHPSESSID, which reveals the installation path in an error message. | ||||
| CVE-2012-4256 | 2 Joobi, Joomla | 2 Com Jnews, Joomla\! | 2025-04-11 | N/A |
| The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message. | ||||
| CVE-2012-4255 | 1 Mysqldumper | 1 Mysqldumper | 2025-04-11 | N/A |
| MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refresh_dblist.php, which reveals the installation path in an error message. | ||||
| CVE-2012-4254 | 1 Mysqldumper | 1 Mysqldumper | 2025-04-11 | N/A |
| MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php. | ||||
| CVE-2012-4235 | 2 Joomla, Rsgallery2 | 2 Joomla\!, Com Rsgallery2 | 2025-04-11 | N/A |
| The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI. | ||||
| CVE-2012-4208 | 4 Canonical, Mozilla, Opensuse and 1 more | 8 Ubuntu Linux, Firefox, Seamonkey and 5 more | 2025-04-11 | N/A |
| The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site. | ||||
| CVE-2012-3581 | 1 Symantec | 1 Messaging Gateway | 2025-04-11 | N/A |
| Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors. | ||||
| CVE-2012-3529 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors. | ||||
| CVE-2012-3519 | 1 Tor | 1 Tor | 2025-04-11 | N/A |
| routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack. | ||||
| CVE-2012-3502 | 1 Apache | 1 Http Server | 2025-04-11 | N/A |
| The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client. | ||||
| CVE-2012-3493 | 2 Condor Project, Redhat | 2 Condor, Enterprise Mrg | 2025-04-11 | N/A |
| The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId. | ||||
| CVE-2012-3474 | 1 Ushahidi | 1 Ushahidi Platform | 2025-04-11 | N/A |
| The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP address, and other attributes of the author of a comment via an API function call. | ||||
| CVE-2012-3430 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-11 | N/A |
| The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. | ||||
| CVE-2012-3419 | 1 Sgi | 1 Performance Co-pilot | 2025-04-11 | N/A |
| Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments. | ||||
| CVE-2012-3394 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2012-3357 | 1 Viewvc | 1 Viewvc | 2025-04-11 | N/A |
| The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak." | ||||
| CVE-2012-3354 | 2 Dokuwiki, Fedoraproject | 2 Dokuwiki, Fedora | 2025-04-11 | N/A |
| doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message. | ||||
| CVE-2012-2731 | 2 Drupal, Richardo Ante | 2 Drupal, Ubercart Ajax Cart | 2025-04-11 | N/A |
| The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage. | ||||
| CVE-2012-2668 | 2 Openldap, Redhat | 2 Openldap, Enterprise Linux | 2025-04-11 | N/A |
| libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information. | ||||