Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending a / (slash) character to the URI.
Max CVSS
5.0
EPSS Score
2.10%
Published
2009-12-31
Updated
2010-01-04
The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.54%
Published
2009-12-31
Updated
2017-08-17
httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI.
Max CVSS
5.0
EPSS Score
4.01%
Published
2009-12-31
Updated
2017-08-17
Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI.
Max CVSS
5.0
EPSS Score
0.17%
Published
2009-12-31
Updated
2010-01-04
InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs.
Max CVSS
5.0
EPSS Score
11.46%
Published
2009-12-31
Updated
2017-08-17
DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message. NOTE: this issue might be resultant from improperly controlled computation in tools.php that leads to a denial of service (CPU or memory consumption).
Max CVSS
5.0
EPSS Score
0.29%
Published
2009-12-30
Updated
2017-08-17
CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.10%
Published
2009-12-18
Updated
2009-12-21
The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command.
Max CVSS
7.5
EPSS Score
0.53%
Published
2009-12-16
Updated
2010-06-29
The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value.
Max CVSS
4.3
EPSS Score
0.21%
Published
2009-12-16
Updated
2010-06-29
extras/ipn_test_return.php in Zen Cart allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
Max CVSS
5.0
EPSS Score
0.30%
Published
2009-12-14
Updated
2018-10-10
Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified "secrets" in backup files, which might allow attackers to obtain sensitive information.
Max CVSS
5.0
EPSS Score
0.24%
Published
2009-12-16
Updated
2020-12-01
Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.23%
Published
2009-12-16
Updated
2020-12-01
The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors.
Max CVSS
5.0
EPSS Score
0.24%
Published
2009-12-16
Updated
2020-12-01
PowerPhlogger 2.2.5 allows remote attackers to obtain sensitive information via a direct request to (1) edCss.inc.php, (2) foot.inc.php, (3) get_csscolors.inc.php, (4) head.inc.php, (5) head_stuff.inc.php, (6) loglist.inc.php, and (7) pphlogger_send.inc.php in include/, which reveals the installation path in an error message.
Max CVSS
5.0
EPSS Score
0.30%
Published
2009-12-10
Updated
2017-08-17
The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions.
Max CVSS
5.0
EPSS Score
0.70%
Published
2009-12-08
Updated
2017-08-17
CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to obtain sensitive information via an invalid date value in the from_date_day parameter to search.php, which reveals the installation path in an error message.
Max CVSS
5.0
EPSS Score
0.41%
Published
2009-12-02
Updated
2018-10-10
WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, allows remote attackers to obtain sensitive information via a crafted request to wp-cumulus.php, probably without parameters, which reveals the installation path in an error message.
Max CVSS
5.0
EPSS Score
0.34%
Published
2009-12-02
Updated
2018-10-10
nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.
Max CVSS
2.1
EPSS Score
0.04%
Published
2009-12-23
Updated
2017-09-19
The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects.
Max CVSS
7.8
EPSS Score
0.57%
Published
2009-12-17
Updated
2017-09-19
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.
Max CVSS
7.1
EPSS Score
0.82%
Published
2009-12-10
Updated
2018-10-30
Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2009-12-15
Updated
2017-08-17
21 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!