Search
Total
7597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5497 | 1 Plone | 1 Plone | 2014-10-10 | 5.0 MEDIUM | N/A |
| membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL. | |||||
| CVE-2013-6496 | 1 Redhat | 1 Conga | 2014-10-07 | 5.0 MEDIUM | N/A |
| Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension. | |||||
| CVE-2014-3400 | 1 Cisco | 1 Webex Meetings Server | 2014-10-06 | 4.0 MEDIUM | N/A |
| Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344. | |||||
| CVE-2010-3860 | 1 Redhat | 1 Icedtea | 2014-10-04 | 5.0 MEDIUM | N/A |
| IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories. | |||||
| CVE-2012-5505 | 1 Plone | 1 Plone | 2014-10-02 | 5.0 MEDIUM | N/A |
| atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name. | |||||
| CVE-2012-5492 | 1 Plone | 1 Plone | 2014-10-01 | 5.0 MEDIUM | N/A |
| uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL. | |||||
| CVE-2012-5491 | 1 Plone | 1 Plone | 2014-10-01 | 4.3 MEDIUM | N/A |
| z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id. | |||||
| CVE-2014-5320 | 1 Bump Project | 1 Bump | 2014-09-22 | 5.0 MEDIUM | N/A |
| The Bump application for Android does not properly handle implicit intents, which allows attackers to obtain sensitive owner-name information via a crafted application. | |||||
| CVE-2014-2377 | 1 Ecava | 1 Integraxor | 2014-09-16 | 5.0 MEDIUM | N/A |
| Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. | |||||
| CVE-2014-4862 | 1 Netmaster | 2 Cbw700 Software, Netmaster Cbw700n | 2014-09-08 | 5.0 MEDIUM | N/A |
| The Netmaster CBW700N cable modem with software 81.447.392110.729.024 has an SNMP community of public, which allows remote attackers to obtain sensitive credential, key, and SSID information via an SNMP request. | |||||
| CVE-2014-4863 | 1 Arris | 2 Touchstone Dg950a, Touchstone Dg950a Software | 2014-09-08 | 5.0 MEDIUM | N/A |
| The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request. | |||||
| CVE-2014-5036 | 1 Eucalyptus | 1 Eucalyptus | 2014-09-08 | 1.9 LOW | N/A |
| The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive information by reading the logs. | |||||
| CVE-2014-5076 | 1 Labanquepostale | 1 Labanquepostale | 2014-09-02 | 4.3 MEDIUM | N/A |
| The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated by the drozer framework. | |||||
| CVE-2014-3862 | 1 Hl7 | 1 C-cda | 2014-09-02 | 4.3 MEDIUM | N/A |
| CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log. | |||||
| CVE-2014-0806 | 1 Fenrir-inc | 1 Sleipnir Mobile | 2014-08-11 | 4.3 MEDIUM | N/A |
| The Sleipnir Mobile application 2.12.1 and earlier and Sleipnir Mobile Black Edition application 2.12.1 and earlier for Android provide Geolocation API data without verifying user consent, which allows remote attackers to obtain sensitive location information via a web site that makes API calls. | |||||
| CVE-2014-3853 | 1 Pyplate | 1 Pyplate | 2014-08-07 | 5.0 MEDIUM | N/A |
| Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2014-3852 | 1 Pyplate | 1 Pyplate | 2014-08-07 | 5.0 MEDIUM | N/A |
| Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
| CVE-2014-3851 | 1 Pyplate | 1 Pyplate | 2014-08-07 | 2.1 LOW | N/A |
| usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses world-readable permissions for passwd.db, which allows local users to obtain the administrator password by reading this file. | |||||
| CVE-2014-3045 | 1 Ibm | 1 Scale Out Network Attached Storage | 2014-08-04 | 2.1 LOW | N/A |
| IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before 1.4.3.3 places an administrative password in the shell history upon use of the -p option to chuser, which allows local users to obtain sensitive information by leveraging root access. | |||||
| CVE-2014-2356 | 1 Innominate | 1 Mguard Firmware | 2014-08-04 | 5.0 MEDIUM | N/A |
| Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request. | |||||
| CVE-2014-4682 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2014-07-25 | 5.0 MEDIUM | N/A |
| The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. | |||||
| CVE-2014-2368 | 1 Advantech | 1 Advantech Webaccess | 2014-07-23 | 5.0 MEDIUM | N/A |
| The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. | |||||
| CVE-2014-2367 | 1 Advantech | 1 Advantech Webaccess | 2014-07-23 | 4.3 MEDIUM | N/A |
| The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. | |||||
| CVE-2014-2366 | 1 Advantech | 1 Advantech Webaccess | 2014-07-23 | 4.0 MEDIUM | N/A |
| upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code. | |||||
| CVE-2014-4031 | 1 Arubanetworks | 1 Clearpass | 2014-07-15 | 4.0 MEDIUM | N/A |
| The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credentials via unspecified vectors. | |||||
| CVE-2014-4942 | 1 Levelfourdevelopment | 1 Wp-easycart | 2014-07-14 | 5.0 MEDIUM | N/A |
| The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2014-3485 | 1 Redhat | 1 Enterprise Virtualization | 2014-07-11 | 4.0 MEDIUM | N/A |
| The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-0174 | 1 Redhat | 1 Enterprise Mrg | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
| CVE-2013-7060 | 1 Plone | 1 Plone | 2014-06-30 | 5.0 MEDIUM | N/A |
| Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope. | |||||
| CVE-2011-2513 | 1 Redhat | 2 Icedtea-web, Icedtea6 | 2014-06-25 | 5.0 MEDIUM | N/A |
| The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader. | |||||
| CVE-2014-0134 | 1 Openstack | 1 Compute | 2014-06-21 | 3.5 LOW | N/A |
| The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image. | |||||
| CVE-2014-4153 | 1 Alienvault | 1 Open Source Security Information Management | 2014-06-19 | 7.8 HIGH | N/A |
| The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request. | |||||
| CVE-2014-2000 | 1 Ntt | 1 050 Plus | 2014-06-19 | 2.6 LOW | N/A |
| The NTT 050 plus application before 4.2.1 for Android allows attackers to obtain sensitive information by leveraging the ability to read system log files. | |||||
| CVE-2013-4728 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2014-06-09 | 5.0 MEDIUM | N/A |
| DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the "l" parameter, which reveals the installation path in an error message. | |||||
| CVE-2013-4727 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2014-06-09 | 5.0 MEDIUM | N/A |
| DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx. | |||||
| CVE-2013-4725 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2014-06-09 | 5.0 MEDIUM | N/A |
| DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2013-4724 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2014-06-09 | 5.0 MEDIUM | N/A |
| DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
| CVE-2014-3946 | 1 Typo3 | 1 Typo3 | 2014-06-04 | 4.0 MEDIUM | N/A |
| The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors. | |||||
| CVE-2014-3787 | 1 Sap | 1 Netweaver | 2014-05-20 | 5.0 MEDIUM | N/A |
| SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. | |||||
| CVE-2014-0521 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-05-14 | 4.3 MEDIUM | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X do not properly implement JavaScript APIs, which allows remote attackers to obtain sensitive information via a crafted PDF document. | |||||
| CVE-2014-3242 | 1 Makina-corpus | 1 Soappy | 2014-05-13 | 5.0 MEDIUM | N/A |
| SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2013-6472 | 1 Mediawiki | 1 Mediawiki | 2014-05-13 | 5.0 MEDIUM | N/A |
| MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists. | |||||
| CVE-2014-3129 | 1 Sap | 1 Netweaver Software Lifecycle Manager | 2014-05-10 | 5.0 MEDIUM | N/A |
| The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1. | |||||
| CVE-2013-0174 | 1 Theforeman | 1 Foreman | 2014-05-08 | 5.0 MEDIUM | N/A |
| The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request. | |||||
| CVE-2013-2006 | 1 Openstack | 1 Keystone | 2014-05-05 | 2.1 LOW | N/A |
| OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file. | |||||
| CVE-2014-2545 | 1 Tibco | 4 Managed File Transfer Command Center, Managed File Transfer Internet Server, Slingshot and 1 more | 2014-05-01 | 5.0 MEDIUM | N/A |
| TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File Transfer Command Center before 7.2.2, Slingshot before 1.9.1, and Vault before 1.0.1 allow remote attackers to obtain sensitive information via a crafted HTTP request. | |||||
| CVE-2013-7373 | 1 Google | 1 Android | 2014-04-30 | 7.5 HIGH | N/A |
| Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications. | |||||
| CVE-2013-7111 | 1 Basespace Ruby Sdk Project | 1 Basespace Ruby Sdk | 2014-04-29 | 5.0 MEDIUM | N/A |
| The put_call function in the API client (api/api_client.rb) in the BaseSpace Ruby SDK (aka bio-basespace-sdk) gem 0.1.7 for Ruby uses the API_KEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes. | |||||
| CVE-2014-2185 | 1 Cisco | 1 Unified Communications Manager | 2014-04-29 | 4.0 MEDIUM | N/A |
| The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374. | |||||
| CVE-2014-2392 | 1 Open-xchange | 1 Open-xchange Appsuite | 2014-04-24 | 4.3 MEDIUM | N/A |
| The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | |||||