Search Results (24238 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-3714 1 Csphere 1 Clansphere 2025-04-11 N/A
ClanSphere 2010.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by mods/board/attachment.php.
CVE-2011-3716 1 Claroline 1 Claroline 2025-04-11 N/A
Claroline 1.9.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by work/connector/linker.cnr.php and certain other files.
CVE-2011-3717 1 Clip-bucket 1 Clipbucket 2025-04-11 N/A
ClipBucket 2.0.9 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/signup_captcha/signup_captcha.php and certain other files.
CVE-2011-3719 1 Codeigniter 1 Codeigniter 2025-04-11 N/A
CodeIgniter 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files.
CVE-2011-3811 1 Tomatocart 1 Tomatocart 2025-04-11 N/A
TomatoCart 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/system/offline.php and certain other files.
CVE-2011-3813 1 Vwar 1 Virtual War 2025-04-11 N/A
Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/language/dutch.inc.php and certain other files.
CVE-2011-3823 1 Yamamah 1 Yamamah 2025-04-11 N/A
Yamamah 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/index.php and certain other files.
CVE-2011-3824 1 Yourls 1 Yourls 2025-04-11 N/A
Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/auth.php and certain other files.
CVE-2012-0211 1 Devscripts Devel Team 1 Devscripts 2025-04-11 N/A
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package.
CVE-2012-0212 1 Devscripts Devel Team 1 Devscripts 2025-04-11 N/A
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument.
CVE-2012-0862 2 Redhat, Xinetd 2 Enterprise Linux, Xinetd 2025-04-11 N/A
builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.
CVE-2012-0992 1 Openemr 1 Openemr 2025-04-11 N/A
interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter.
CVE-2011-4006 1 Cisco 2 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software 2025-04-11 N/A
The ESMTP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.5 allows remote attackers to cause a denial of service (CPU consumption) via an unspecified closing sequence, aka Bug ID CSCtt32565.
CVE-2011-4092 1 Ubuntu Developers 1 Obby 2025-04-11 N/A
obby (aka libobby) does not verify SSL server certificates, which allows remote attackers to spoof servers via an arbitrary certificate.
CVE-2011-4129 1 Gnome 1 Libsocialweb 2025-04-11 N/A
(1) services/twitter/twitter-contact-view.c and (2) services/twitter/twitter-item-view.c in libsocialweb before 0.25.20 automatically connect to Twitter when no Twitter account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack.
CVE-2010-2729 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2025-04-11 N/A
The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."
CVE-2011-4279 1 Moodle 1 Moodle 2025-04-11 N/A
Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setting for course-profiles access control, which makes it easier for remote attackers to obtain potentially sensitive information via vectors involving use of a search engine, as demonstrated by the search functionality of Google, Yahoo!, Wrensoft Zoom, MSN, Yandex, and AltaVista.
CVE-2011-4283 1 Moodle 1 Moodle 2025-04-11 N/A
Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml.
CVE-2012-0447 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2025-04-11 N/A
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
CVE-2012-0448 1 Mozilla 1 Bugzilla 2025-04-11 N/A
Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 does not reject non-ASCII characters in e-mail addresses of new user accounts, which makes it easier for remote authenticated users to spoof other user accounts by choosing a similar e-mail address.