129 docs tagged with "Information_Disclosure"

CVE-2003-1000

xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request w

CVE-2006-0074

SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary

CVE-2006-0107

SQL injection vulnerability in Timecan CMS allows remote attackers to execute arbitrary SQL commands

CVE-2006-0115

Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to ex

CVE-2006-0154

SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 allows remote attackers to exec

CVE-2006-6927

Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote attackers to execute arbitrary SQL

CVE-2007-0049

Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other acc

CVE-2007-0129

SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attacker

CVE-2007-0142

SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce Shopping Cart allows remote att

CVE-2007-6018

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0

CVE-2007-6665

SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL allows remote attackers to exe

CVE-2008-0089

SQL injection vulnerability in uprofile.php in ClipShare allows remote attackers to execute arbitrar

CVE-2008-3819

dnsserver in Cisco Application Control Engine Global Site Selector (GSS) before 3.0(1) allows remote

CVE-2008-5813

SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2

CVE-2008-5851

SQL injection vulnerability in index.php in My PHP Baseball Stats (MyPBS) allows remote attackers to

CVE-2008-5867

Directory traversal vulnerability in Yerba SACphp 6.3 allows remote attackers to read arbitrary file

CVE-2008-5882

SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) befo

CVE-2008-5892

Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary

CVE-2009-0049

Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the return value from the

CVE-2009-0051

ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function,

CVE-2009-5038

Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after

CVE-2009-5039

Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS befor

CVE-2009-5040

CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a

CVE-2010-10002

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSA

CVE-2010-4670

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack on Cisco Adaptive Security App

CVE-2010-4671

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5

CVE-2010-4672

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier allow

CVE-2010-4673

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allow

CVE-2010-4674

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with softw

CVE-2010-4675

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not prop

CVE-2010-4676

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with softw

CVE-2010-4677

emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) al

CVE-2010-4678

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permit pack

CVE-2010-4679

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not prop

CVE-2010-4680

The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with softw

CVE-2010-4681

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with softw

CVE-2010-4682

Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2

CVE-2010-4683

Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service

CVE-2010-4684

Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to caus

CVE-2010-4685

Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map,

CVE-2010-4686

CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic

CVE-2010-4687

STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly

CVE-2010-4688

Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA)

CVE-2010-4689

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) do not prop

CVE-2010-4690

The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devic

CVE-2010-4692

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with softw

CVE-2011-3337

eEye Audit ID 2499 in eEye Digital Security Audits 2406 through 2423 for eEye Retina Network Securit

CVE-2011-5020

An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011.

CVE-2012-2714

The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to

CVE-2013-0001

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.

CVE-2013-3944

Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote

CVE-2013-3945

The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary

CVE-2013-3946

Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote a

CVE-2013-6242

Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before

CVE-2013-6419

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not valid

CVE-2013-6974

Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System

CVE-2013-6982

The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction o

CVE-2014-0651

The administrative interface in Cisco Context Directory Agent (CDA) does not properly enforce author

CVE-2014-0652

Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA)

CVE-2014-0653

The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allow

CVE-2014-0654

Cisco Context Directory Agent (CDA) allows remote attackers to modify the cache via a replay attack

CVE-2014-0655

The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allow

CVE-2014-0656

Cisco Context Directory Agent (CDA) allows remote authenticated users to trigger the omission of cer

CVE-2014-0657

The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier do

CVE-2014-0658

Cisco 9900 Unified IP phones allow remote attackers to cause a denial of service (unregistration) vi

CVE-2014-0663

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System

CVE-2014-0664

The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service

CVE-2014-3764

Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto N

CVE-2014-5209

An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET

CVE-2014-8020

Cisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a deni

CVE-2014-8031

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attacke

CVE-2014-8033

The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administ

CVE-2014-8035

The web framework in Cisco WebEx Meetings Server produces different returned messages for URL reques

CVE-2014-8036

The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which a

CVE-2014-9435

Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to ex

CVE-2014-9520

SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote atta

CVE-2014-9908

A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows mal

CVE-2015-0582

The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to c

CVE-2016-5346

An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver

CVE-2016-6587

An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec

CVE-2017-15402

Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the

CVE-2017-20161

A vulnerability classified as problematic has been found in rofl0r MacGeiger. Affected is the functi

CVE-2019-18642

Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID paramete

CVE-2019-19310

GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure.

CVE-2019-19332

An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the

CVE-2019-20213

D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUT

CVE-2019-5007

An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds

CVE-2020-25680

A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificat

CVE-2020-35204

Reflected XSS in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code

CVE-2020-36158

mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel t

CVE-2020-5497

The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to user

CVE-2020-5499

Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non-deterministic results in whic

CVE-2021-1637

Windows DNS Query Information Disclosure Vulnerability

CVE-2021-1656

TPM Device Driver Information Disclosure Vulnerability

CVE-2021-1663

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability

CVE-2021-1670

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability

CVE-2021-1672

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability

CVE-2021-1676

Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability

CVE-2021-1696

Windows Graphics Component Information Disclosure Vulnerability

CVE-2021-1699

Windows (modem.sys) Information Disclosure Vulnerability

CVE-2021-1725

Bot Framework SDK Information Disclosure Vulnerability

CVE-2021-20048

A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenti

CVE-2021-21469

When security guidelines for SAP NetWeaver Master Data Management running on Windows have not been t

CVE-2021-30270

Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation

CVE-2021-30271

Possible null pointer dereference in trap handler due to lack of thread ID validation before derefer

CVE-2021-37121

There is a configuration defect in Smartphone. Successful exploitation of this vulnerability may ele

CVE-2021-40010

The bone voice ID TA has a heap overflow vulnerability. Successful exploitation of this vulnerability

CVE-2021-40014

The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitatio

CVE-2021-40018

The eID module has a null pointer reference vulnerability. Successful exploitation of this vulnerabi

CVE-2021-40021

The eID module has an out-of-bounds memory write vulnerability. Successful exploitation of this vulne

CVE-2021-40025

The eID module has a vulnerability that causes the memory to be used without being initialized. Succe

CVE-2021-40027

The bone voice ID TA has a vulnerability in calculating the buffer length. Successful exploitation of

CVE-2021-40028

The eID module has an out-of-bounds memory write vulnerability. Successful exploitation of this vulne

CVE-2021-40032

The bone voice ID TA has a vulnerability in information management. Successful exploitation of this v

CVE-2021-43951

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated re

CVE-2021-44878

If an OpenID Connect provider supports the 'none' algorithm (i.e., tokens with no signature), pac4j

CVE-2021-45411

In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database via S

CVE-2022-20616

Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method

CVE-2022-21877

Storage Spaces Controller Information Disclosure Vulnerability

CVE-2022-21964

Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability

CVE-2022-22846

The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matche

CVE-2023-22452

kenny2automate is a Discord bot. In the web interface for server settings, form elements were genera