Vulnerabilities (CVE)

Filtered by CWE-200
Total 8075 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-0806 1 Fenrir-inc 1 Sleipnir Mobile 2014-08-11 4.3 MEDIUM N/A
The Sleipnir Mobile application 2.12.1 and earlier and Sleipnir Mobile Black Edition application 2.12.1 and earlier for Android provide Geolocation API data without verifying user consent, which allows remote attackers to obtain sensitive location information via a web site that makes API calls.
CVE-2014-3853 1 Pyplate 1 Pyplate 2014-08-07 5.0 MEDIUM N/A
Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2014-3852 1 Pyplate 1 Pyplate 2014-08-07 5.0 MEDIUM N/A
Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
CVE-2014-3851 1 Pyplate 1 Pyplate 2014-08-07 2.1 LOW N/A
usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses world-readable permissions for passwd.db, which allows local users to obtain the administrator password by reading this file.
CVE-2014-3045 1 Ibm 1 Scale Out Network Attached Storage 2014-08-04 2.1 LOW N/A
IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before 1.4.3.3 places an administrative password in the shell history upon use of the -p option to chuser, which allows local users to obtain sensitive information by leveraging root access.
CVE-2014-2356 1 Innominate 1 Mguard Firmware 2014-08-04 5.0 MEDIUM N/A
Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request.
CVE-2014-4682 1 Siemens 2 Simatic Pcs7, Wincc 2014-07-25 5.0 MEDIUM N/A
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request.
CVE-2014-2368 1 Advantech 1 Advantech Webaccess 2014-07-23 5.0 MEDIUM N/A
The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.
CVE-2014-2367 1 Advantech 1 Advantech Webaccess 2014-07-23 4.3 MEDIUM N/A
The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.
CVE-2014-2366 1 Advantech 1 Advantech Webaccess 2014-07-23 4.0 MEDIUM N/A
upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code.
CVE-2014-4031 1 Arubanetworks 1 Clearpass 2014-07-15 4.0 MEDIUM N/A
The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credentials via unspecified vectors.
CVE-2014-4942 1 Levelfourdevelopment 1 Wp-easycart 2014-07-14 5.0 MEDIUM N/A
The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.
CVE-2013-7060 1 Plone 1 Plone 2014-06-30 5.0 MEDIUM N/A
Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.
CVE-2011-2513 1 Redhat 2 Icedtea-web, Icedtea6 2014-06-25 5.0 MEDIUM N/A
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader.
CVE-2014-0134 1 Openstack 1 Compute 2014-06-21 3.5 LOW N/A
The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image.
CVE-2014-4153 1 Alienvault 1 Open Source Security Information Management 2014-06-19 7.8 HIGH N/A
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request.
CVE-2014-2000 1 Ntt 1 050 Plus 2014-06-19 2.6 LOW N/A
The NTT 050 plus application before 4.2.1 for Android allows attackers to obtain sensitive information by leveraging the ability to read system log files.
CVE-2013-4728 1 Ddsn 1 Cm3 Acora Content Management System 2014-06-09 5.0 MEDIUM N/A
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the "l" parameter, which reveals the installation path in an error message.
CVE-2013-4727 1 Ddsn 1 Cm3 Acora Content Management System 2014-06-09 5.0 MEDIUM N/A
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx.
CVE-2013-4725 1 Ddsn 1 Cm3 Acora Content Management System 2014-06-09 5.0 MEDIUM N/A
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.