Export limit exceeded: 10745 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10745 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4278 2 Microsoft, Vmware 3 Windows, Virtual Infrastructure Client, Virtualcenter 2026-04-23 N/A
VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password.
CVE-2009-1700 1 Apple 3 Iphone Os, Ipod Touch, Safari 2026-04-23 N/A
The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.
CVE-2008-3893 1 Microsoft 1 Windows Vista 2026-04-23 5.5 Medium
Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
CVE-2008-3010 1 Microsoft 5 Windows 2000, Windows 2003 Server, Windows Media Player and 2 more 2026-04-23 N/A
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability."
CVE-2008-2517 1 Sarab 1 Sarab 2026-04-23 N/A
The sarab.sh script in SaraB before 0.2.4 places the dar program's encryption key on the command line, which allows local users to obtain sensitive information by listing the process.
CVE-2009-2274 1 Huawei 1 D100 2026-04-23 N/A
The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to (1) lan_status_adv.asp, (2) wlan_basic_cfg.asp, or (3) lancfg.asp in en/, related to use of JavaScript to protect against reading file contents.
CVE-2007-6513 1 Hp 1 Esupportdiagnostics 2026-04-23 N/A
HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports dangerous methods, which allows remote attackers to (1) read arbitrary files via the ReadTextFile method, or (2) read arbitrary registry values via the ReadValue method.
CVE-2007-5473 2 Microsoft, Mono 2 Windows, Mono 2026-04-23 N/A
StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.
CVE-2007-5439 1 Broadcom 1 Etrust Integrated Threat Management 2026-04-23 N/A
CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 stores sensitive user information in log files with predictable names, which allows remote attackers to obtain this information via unspecified vectors.
CVE-2009-4322 1 Zen-cart 1 Zen Cart 2026-04-23 N/A
extras/ipn_test_return.php in Zen Cart allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
CVE-2007-5264 1 Battlefront 1 Dropteam 2026-04-23 N/A
Battlefront Dropteam 1.3.3 and earlier sends the client's online account name and password to the game server, which allows malicious game servers to steal account information.
CVE-2008-3898 1 Secustar 1 Drivecrypt Plus Pack 2026-04-23 N/A
Secu Star DriveCrypt Plus Pack 3.9 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
CVE-2008-6754 2 Jelsoft, Mephisteus 2 Vbulletin, The Personal Sticky Threads 2026-04-23 N/A
The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote authenticated users to read the title, author, and pages of an arbitrary thread by toggling a personal sticky.
CVE-2009-3612 6 Canonical, Fedoraproject, Linux and 3 more 9 Ubuntu Linux, Fedora, Linux Kernel and 6 more 2026-04-23 N/A
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.
CVE-2008-3903 2 Asterisk, Trixbox 2 P B X, Pbx 2026-04-23 N/A
Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreject are enabled, generates different responses depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames.
CVE-2008-6342 2 Lobacher Patrick, Typo3 2 Simplefilebrowser, Typo3 2026-04-23 N/A
Unspecified vulnerability in the TYPO3 Simple File Browser (simplefilebrowser) extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors.
CVE-2008-4183 1 Integramod 1 Integramod 2026-04-23 N/A
IntegraMOD 1.4.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup via a direct request to a backup/backup-yyyy-dd-mm.sql filename.
CVE-2007-5922 2 Bitchx, Cypress 2 Bitchx, Cypress 2026-04-23 N/A
The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed address.
CVE-2006-6999 1 Headstart Solutions 1 Deskpro 2026-04-23 N/A
attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter.
CVE-2008-3914 1 Clamav 1 Clamav 2026-04-23 N/A
Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c.