Total: 10335 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4457 | 1 Cloudflare | 1 Warp | 2025-04-09 | 5.5 Medium |
| Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack the legitimate app and steal potentially sensitive information when installed on the victim's device. | ||||
| CVE-2023-0023 | 1 Sap | 1 Bank Account Management | 2025-04-09 | 4.5 Medium |
| In SAP Bank Account Management (Manage Banks) application, when a user clicks a smart link to navigate to another app, personal data is shown directly in the URL. It might get captured in log files, bookmarks, and so on, disclosing sensitive data of the application. | ||||
| CVE-2008-1578 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2007-4514 | 1 Hp | 1 Procurve Manager | 2025-04-09 | N/A |
| Unspecified vulnerability in HP ProCurve Manager and HP ProCurve Manager Plus 2.3 and earlier allows remote attackers to obtain sensitive information from the ProCurve Manager server via unknown attack vectors. | ||||
| CVE-2007-5379 | 1 David Hansson | 1 Ruby On Rails | 2025-04-09 | N/A |
| Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file. | ||||
| CVE-2007-5444 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-09 | N/A |
| CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full path via a direct request for unspecified files. | ||||
| CVE-2007-5470 | 1 Microsoft | 1 Expression Media | 2025-04-09 | N/A |
| Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file. | ||||
| CVE-2007-5576 | 2 Bea, Oracle | 5 Tuxedo, Weblogic Integration, Weblogic Server and 2 more | 2025-04-09 | N/A |
| BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands. | ||||
| CVE-2007-2353 | 1 Apache | 1 Axis | 2025-04-09 | N/A |
| Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message. | ||||
| CVE-2007-0042 | 1 Microsoft | 5 .net Framework, Windows 2000, Windows 2003 Server and 2 more | 2025-04-09 | N/A |
| Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability." | ||||
| CVE-2007-5922 | 2 Bitchx, Cypress | 2 Bitchx, Cypress | 2025-04-09 | N/A |
| The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed address. | ||||
| CVE-2007-6161 | 1 Tilde | 1 Tilde Cms | 2025-04-09 | N/A |
| index.php in Tilde CMS 4.x and earlier allows remote attackers to obtain sensitive information via a certain search parameter value in a search action, which reveals the path. | ||||
| CVE-2007-6197 | 1 Bea | 1 Aqualogic Interaction | 2025-04-09 | N/A |
| The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page. | ||||
| CVE-2007-6405 | 1 Shttpd | 1 Shttpd | 2025-04-09 | N/A |
| Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407. | ||||
| CVE-2007-6417 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-09 | N/A |
| The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash). | ||||
| CVE-2007-6536 | 1 Google | 1 Toolbar | 2025-04-09 | N/A |
| The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com. | ||||
| CVE-2008-6737 | 1 Ea | 1 Crysis | 2025-04-09 | N/A |
| Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information. | ||||
| CVE-2007-6660 | 1 2z Project | 1 2z Project | 2025-04-09 | N/A |
| 2z project 0.9.6.1 allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid template or (2) a request to the default URI with certain year and month parameters, which reveals the path in various error messages. | ||||
| CVE-2007-5264 | 1 Battlefront | 1 Dropteam | 2025-04-09 | N/A |
| Battlefront Dropteam 1.3.3 and earlier sends the client's online account name and password to the game server, which allows malicious game servers to steal account information. | ||||
| CVE-2007-1167 | 1 Dzcp | 1 Dev!l'z Clanportal | 2025-04-09 | N/A |
| inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter. | ||||