Search Results (10718 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-5589 2 Drupal, Netgenius 2 Drupal, Multilink 2025-04-11 N/A
The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link.
CVE-2012-5561 3 Cloudforms Systemengine, Katello, Rhel Sam 3 1, Katello, 1.2 2025-04-11 N/A
script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.
CVE-2012-5554 2 Coleman Watts, Drupal 2 Webform Civicrm, Drupal 2025-04-11 N/A
The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading webforms.
CVE-2012-5552 2 Drupal, Erikwebb 2 Drupal, Password Policy 2025-04-11 N/A
The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to "client-side password history checks."
CVE-2013-1455 1 Joomla 1 Joomla\! 2025-04-11 N/A
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable."
CVE-2012-5516 1 Redhat 2 Enterprise Virtualization Manager, Rhev Manager 2025-04-11 N/A
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors.
CVE-2012-5509 2 Cloudforms Cloudengine, Redhat 2 1, Cloudforms Cloud Engine 2025-04-11 N/A
aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file.
CVE-2012-5473 1 Moodle 1 Moodle 2025-04-11 N/A
The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to read activity entries of a different group's users via an advanced search.
CVE-2012-4698 1 Siemens 4 Ros, Rox I Os, Rox Ii Os and 1 more 2025-04-11 N/A
Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations.
CVE-2012-4674 1 Pluxml 1 Pluxml 2025-04-11 N/A
PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID.
CVE-2012-4605 1 Websense 1 Websense Email Security 2025-04-11 N/A
The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
CVE-2012-4591 1 Mcafee 1 Enterprise Mobility Manager 2025-04-11 N/A
About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 discloses the name of the user account for an IIS worker process, which allows remote attackers to obtain potentially sensitive information by visiting this page.
CVE-2012-4583 1 Mcafee 2 Email And Web Security, Email Gateway 2025-04-11 N/A
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard.
CVE-2013-1454 1 Joomla 1 Joomla\! 2025-04-11 N/A
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors."
CVE-2012-4530 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-11 N/A
The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2012-4511 1 Gnome 1 Libsocialweb 2025-04-11 N/A
services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack.
CVE-2012-4503 1 Tuxfamily 1 Chrony 2025-04-11 N/A
cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses function when client logging is disabled, which causes uninitialized data to be included in a reply.
CVE-2012-3829 1 Joomla 1 Joomla\! 2025-04-11 N/A
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header.
CVE-2012-3798 2 Bryce Hamrick, Drupal 2 Janrain Capture, Drupal 2025-04-11 N/A
The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks.
CVE-2012-3796 1 Pro-face 2 Pro-server Ex, Wingp Pc Runtime 2025-04-11 N/A
Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to obtain sensitive information from daemon memory via a crafted packet with a certain opcode.