Total
8075 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-0806 | 1 Fenrir-inc | 1 Sleipnir Mobile | 2014-08-11 | 4.3 MEDIUM | N/A |
The Sleipnir Mobile application 2.12.1 and earlier and Sleipnir Mobile Black Edition application 2.12.1 and earlier for Android provide Geolocation API data without verifying user consent, which allows remote attackers to obtain sensitive location information via a web site that makes API calls. | |||||
CVE-2014-3853 | 1 Pyplate | 1 Pyplate | 2014-08-07 | 5.0 MEDIUM | N/A |
Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
CVE-2014-3852 | 1 Pyplate | 1 Pyplate | 2014-08-07 | 5.0 MEDIUM | N/A |
Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
CVE-2014-3851 | 1 Pyplate | 1 Pyplate | 2014-08-07 | 2.1 LOW | N/A |
usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses world-readable permissions for passwd.db, which allows local users to obtain the administrator password by reading this file. | |||||
CVE-2014-3045 | 1 Ibm | 1 Scale Out Network Attached Storage | 2014-08-04 | 2.1 LOW | N/A |
IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before 1.4.3.3 places an administrative password in the shell history upon use of the -p option to chuser, which allows local users to obtain sensitive information by leveraging root access. | |||||
CVE-2014-2356 | 1 Innominate | 1 Mguard Firmware | 2014-08-04 | 5.0 MEDIUM | N/A |
Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request. | |||||
CVE-2014-4682 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2014-07-25 | 5.0 MEDIUM | N/A |
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. | |||||
CVE-2014-2368 | 1 Advantech | 1 Advantech Webaccess | 2014-07-23 | 5.0 MEDIUM | N/A |
The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. | |||||
CVE-2014-2367 | 1 Advantech | 1 Advantech Webaccess | 2014-07-23 | 4.3 MEDIUM | N/A |
The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. | |||||
CVE-2014-2366 | 1 Advantech | 1 Advantech Webaccess | 2014-07-23 | 4.0 MEDIUM | N/A |
upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code. | |||||
CVE-2014-4031 | 1 Arubanetworks | 1 Clearpass | 2014-07-15 | 4.0 MEDIUM | N/A |
The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credentials via unspecified vectors. | |||||
CVE-2014-4942 | 1 Levelfourdevelopment | 1 Wp-easycart | 2014-07-14 | 5.0 MEDIUM | N/A |
The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function. | |||||
CVE-2013-7060 | 1 Plone | 1 Plone | 2014-06-30 | 5.0 MEDIUM | N/A |
Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope. | |||||
CVE-2011-2513 | 1 Redhat | 2 Icedtea-web, Icedtea6 | 2014-06-25 | 5.0 MEDIUM | N/A |
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader. | |||||
CVE-2014-0134 | 1 Openstack | 1 Compute | 2014-06-21 | 3.5 LOW | N/A |
The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image. | |||||
CVE-2014-4153 | 1 Alienvault | 1 Open Source Security Information Management | 2014-06-19 | 7.8 HIGH | N/A |
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request. | |||||
CVE-2014-2000 | 1 Ntt | 1 050 Plus | 2014-06-19 | 2.6 LOW | N/A |
The NTT 050 plus application before 4.2.1 for Android allows attackers to obtain sensitive information by leveraging the ability to read system log files. | |||||
CVE-2013-4728 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2014-06-09 | 5.0 MEDIUM | N/A |
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the "l" parameter, which reveals the installation path in an error message. | |||||
CVE-2013-4727 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2014-06-09 | 5.0 MEDIUM | N/A |
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx. | |||||
CVE-2013-4725 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2014-06-09 | 5.0 MEDIUM | N/A |
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. |