Vulnerabilities (CVE)

Filtered by CWE-200
Total 8279 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-5325 1 Directwebremoting 1 Direct Web Remoting 2024-02-04 5.0 MEDIUM N/A
The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2014-9506 1 Mantisbt 1 Mantisbt 2024-02-04 3.5 LOW N/A
MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues.
CVE-2015-1892 1 Ibm 2 Security Access Manager For Web 7.0 Firmware, Security Access Manager For Web 8.0 Firmware 2024-02-04 5.0 MEDIUM N/A
The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.
CVE-2014-8082 1 Testlink 1 Testlink 2024-02-04 5.0 MEDIUM N/A
lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message.
CVE-2015-3404 1 Certify Project 1 Certify 2024-02-04 4.0 MEDIUM N/A
The Certify module before 6.x-2.3 for Drupal does not properly perform node access checks, which allows remote authenticated users to bypass intended access restrictions and obtain sensitive PDF certificate information via vectors related to "showing (and creating) the PDF certificates."
CVE-2014-1908 1 Videowhisper 1 Videowhisper Live Streaming Integration 2024-02-04 5.0 MEDIUM N/A
The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
CVE-2015-0844 2 Fedoraproject, Wesnoth 2 Fedora, Battle For Wesnoth 2024-02-04 5.0 MEDIUM N/A
The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file.
CVE-2014-9250 1 Zenoss 1 Zenoss Core 2024-02-04 5.0 MEDIUM N/A
Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via script access to this cookie, aka ZEN-10418.
CVE-2015-1457 1 Fortinet 1 Fortiauthenticator 2024-02-04 4.9 MEDIUM N/A
Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command.
CVE-2014-4835 1 Ibm 3 Serverguide, Toolscenter Suite, Updatexpress System Packs Installer 2024-02-04 2.1 LOW N/A
IBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSPI) before 9.63, and ToolsCenter Suite before 9.63 place credentials in logs, which allows local users to obtain sensitive information by reading a file.
CVE-2015-0080 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2024-02-04 4.3 MEDIUM N/A
Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for rendering of malformed PNG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Malformed PNG Parsing Information Disclosure Vulnerability."
CVE-2014-4812 1 Ibm 1 Security Appscan Source 2024-02-04 1.8 LOW N/A
The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to this port.
CVE-2014-6083 1 Ibm 2 Security Access Manager For Mobile, Security Access Manager For Web 2024-02-04 5.0 MEDIUM N/A
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.
CVE-2015-1148 1 Apple 1 Mac Os X 2024-02-04 5.0 MEDIUM N/A
Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file.
CVE-2014-6143 1 Ibm 1 Websphere Datapower Xc10 Appliance Firmware 2024-02-04 2.1 LOW N/A
The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows local users to obtain sensitive information by reading a response.
CVE-2014-8553 1 Mantisbt 1 Mantisbt 2024-02-04 5.0 MEDIUM N/A
The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request.
CVE-2014-8788 1 Gleamtech 1 Filevista 2024-02-04 4.0 MEDIUM N/A
GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message.
CVE-2014-5448 1 Zarafa 1 Zarafa 2024-02-04 2.1 LOW N/A
Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files.
CVE-2014-3698 1 Pidgin 1 Pidgin 2024-02-04 5.0 MEDIUM N/A
The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.
CVE-2014-8008 1 Cisco 1 Unified Communications Manager 2024-02-04 6.8 MEDIUM N/A
Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.