PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID.
Max CVSS
5.0
EPSS Score
0.20%
Published
2012-08-26
Updated
2012-08-27
The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
Max CVSS
5.0
EPSS Score
0.31%
Published
2012-08-23
Updated
2017-08-29
About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 discloses the name of the user account for an IIS worker process, which allows remote attackers to obtain potentially sensitive information by visiting this page.
Max CVSS
5.0
EPSS Score
0.39%
Published
2012-08-22
Updated
2017-08-29
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard.
Max CVSS
4.0
EPSS Score
0.12%
Published
2012-08-22
Updated
2012-11-20
The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors related to the SDK.
Max CVSS
5.0
EPSS Score
0.23%
Published
2012-08-14
Updated
2012-08-28
Yaqas (Yet Another Question & Answer System) 1.0 Alpha 1 allows remote attackers to obtain sensitive information via an invalid character in the PHPSESSID, which reveals the installation path in an error message.
Max CVSS
5.0
EPSS Score
0.33%
Published
2012-08-13
Updated
2017-08-29
The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message.
Max CVSS
5.0
EPSS Score
0.33%
Published
2012-08-13
Updated
2017-08-29
MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refresh_dblist.php, which reveals the installation path in an error message.
Max CVSS
4.3
EPSS Score
0.29%
Published
2012-08-13
Updated
2012-08-14
MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php.
Max CVSS
4.3
EPSS Score
1.61%
Published
2012-08-13
Updated
2017-08-29
The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI.
Max CVSS
5.0
EPSS Score
0.20%
Published
2012-08-10
Updated
2012-08-10
show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file.
Max CVSS
5.0
EPSS Score
0.35%
Published
2012-08-21
Updated
2012-09-07
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow remote attackers to read content from a different domain via a crafted web site.
Max CVSS
4.3
EPSS Score
0.33%
Published
2012-08-21
Updated
2018-12-04
The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card.
Max CVSS
4.3
EPSS Score
0.08%
Published
2012-08-17
Updated
2012-08-20
The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus application before 1.3.5, GREE haconiwa application before 1.1.0, GREE Seisen Cerberus application before 1.1.0, and KDDI&GREE GREE Market application before 2.1.2 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
Max CVSS
4.3
EPSS Score
0.18%
Published
2012-08-17
Updated
2015-11-10
The NHN Japan NAVER LINE application before 2.5.5 for Android does not properly handle implicit intents, which allows remote attackers to obtain sensitive message information via a crafted application.
Max CVSS
5.0
EPSS Score
0.22%
Published
2012-08-07
Updated
2012-12-18
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.
Max CVSS
4.3
EPSS Score
0.21%
Published
2012-08-29
Updated
2020-08-26
The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code.
Max CVSS
4.3
EPSS Score
0.49%
Published
2012-08-29
Updated
2017-09-19
The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read.
Max CVSS
5.0
EPSS Score
0.24%
Published
2012-08-29
Updated
2020-09-09
Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.
Max CVSS
4.0
EPSS Score
0.56%
Published
2012-08-06
Updated
2019-07-10
Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors.
Max CVSS
3.3
EPSS Score
0.17%
Published
2012-08-29
Updated
2013-10-10
routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack.
Max CVSS
5.0
EPSS Score
0.64%
Published
2012-08-26
Updated
2013-08-22
The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
Max CVSS
4.3
EPSS Score
0.26%
Published
2012-08-22
Updated
2021-06-06
The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP address, and other attributes of the author of a comment via an API function call.
Max CVSS
5.0
EPSS Score
0.34%
Published
2012-08-12
Updated
2012-08-13
Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments.
Max CVSS
5.0
EPSS Score
0.60%
Published
2012-08-27
Updated
2013-02-07
HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.
Max CVSS
4.0
EPSS Score
0.10%
Published
2012-08-16
Updated
2019-10-09
44 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!