OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) shared/footer.php, (2) circ/mbr_fields.php, or (3) admin/custom_marc_form_fields.php, which reveals the path in various error messages.
Max CVSS
5.0
EPSS Score
0.51%
Published
2007-12-31
Updated
2018-10-15
OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
Max CVSS
5.0
EPSS Score
0.64%
Published
2007-12-31
Updated
2018-10-15
The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com.
Max CVSS
6.8
EPSS Score
1.70%
Published
2007-12-27
Updated
2018-10-15
Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420.
Max CVSS
7.8
EPSS Score
0.71%
Published
2007-12-24
Updated
2018-10-15
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
Max CVSS
4.3
EPSS Score
0.61%
Published
2007-12-21
Updated
2018-10-15
HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports dangerous methods, which allows remote attackers to (1) read arbitrary files via the ReadTextFile method, or (2) read arbitrary registry values via the ReadValue method.
Max CVSS
4.3
EPSS Score
0.89%
Published
2007-12-21
Updated
2017-08-08
PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc.
Max CVSS
5.0
EPSS Score
0.38%
Published
2007-12-21
Updated
2018-10-15
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using Microsoft.XMLHTTP or MSXML2.XMLHTTP objects, which trigger a response with the setup directory pathname in the HTML source; and (3) might allow remote attackers to obtain sensitive information via a request for /admin/forum/, which reveals the path in an error message when a forum is not found.
Max CVSS
5.5
EPSS Score
0.32%
Published
2007-12-20
Updated
2018-10-15
GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function.
Max CVSS
5.0
EPSS Score
0.33%
Published
2007-12-20
Updated
2017-09-29
The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.
Max CVSS
2.1
EPSS Score
0.04%
Published
2007-12-18
Updated
2008-11-15
The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash).
Max CVSS
7.2
EPSS Score
0.04%
Published
2007-12-18
Updated
2018-10-30
IBM Tivoli Provisioning Manager Express provides unspecified information in error messages when (1) attempted duplication of a username occurs when creating an account or (2) when trying to login using a valid username, which makes it easier for remote attackers to enumerate usernames.
Max CVSS
5.0
EPSS Score
0.33%
Published
2007-12-17
Updated
2018-10-15
Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407.
Max CVSS
6.4
EPSS Score
1.40%
Published
2007-12-17
Updated
2018-10-15
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
Max CVSS
4.9
EPSS Score
0.07%
Published
2007-12-18
Updated
2022-02-25
etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2007-12-15
Updated
2017-08-08
TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.8
EPSS Score
0.30%
Published
2007-12-04
Updated
2017-07-29
The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.
Max CVSS
2.1
EPSS Score
0.04%
Published
2007-12-04
Updated
2020-08-12
The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page.
Max CVSS
5.0
EPSS Score
0.89%
Published
2007-12-01
Updated
2018-10-15
18 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!