Vulnerabilities (CVE)

Filtered by CWE-200
Total 8075 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-4724 1 Ddsn 1 Cm3 Acora Content Management System 2014-06-09 5.0 MEDIUM N/A
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
CVE-2014-3946 1 Typo3 1 Typo3 2014-06-04 4.0 MEDIUM N/A
The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors.
CVE-2014-3787 1 Sap 1 Netweaver 2014-05-20 5.0 MEDIUM N/A
SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors.
CVE-2014-0521 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2014-05-14 4.3 MEDIUM N/A
Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X do not properly implement JavaScript APIs, which allows remote attackers to obtain sensitive information via a crafted PDF document.
CVE-2014-3242 1 Makina-corpus 1 Soappy 2014-05-13 5.0 MEDIUM N/A
SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2013-6472 1 Mediawiki 1 Mediawiki 2014-05-13 5.0 MEDIUM N/A
MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists.
CVE-2014-3129 1 Sap 1 Netweaver Software Lifecycle Manager 2014-05-10 5.0 MEDIUM N/A
The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1.
CVE-2013-0174 1 Theforeman 1 Foreman 2014-05-08 5.0 MEDIUM N/A
The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request.
CVE-2013-2006 1 Openstack 1 Keystone 2014-05-05 2.1 LOW N/A
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.
CVE-2014-2545 1 Tibco 4 Managed File Transfer Command Center, Managed File Transfer Internet Server, Slingshot and 1 more 2014-05-01 5.0 MEDIUM N/A
TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File Transfer Command Center before 7.2.2, Slingshot before 1.9.1, and Vault before 1.0.1 allow remote attackers to obtain sensitive information via a crafted HTTP request.
CVE-2013-7373 1 Google 1 Android 2014-04-30 7.5 HIGH N/A
Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.
CVE-2013-7111 1 Basespace Ruby Sdk Project 1 Basespace Ruby Sdk 2014-04-29 5.0 MEDIUM N/A
The put_call function in the API client (api/api_client.rb) in the BaseSpace Ruby SDK (aka bio-basespace-sdk) gem 0.1.7 for Ruby uses the API_KEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes.
CVE-2014-2185 1 Cisco 1 Unified Communications Manager 2014-04-29 4.0 MEDIUM N/A
The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.
CVE-2014-2392 1 Open-xchange 1 Open-xchange Appsuite 2014-04-24 4.3 MEDIUM N/A
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
CVE-2014-2391 1 Open-xchange 1 Open-xchange Appsuite 2014-04-24 4.3 MEDIUM N/A
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request.
CVE-2014-1322 1 Apple 1 Mac Os X 2014-04-24 4.9 MEDIUM N/A
The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.
CVE-2014-0778 1 Progea 1 Movicon 2014-04-21 5.0 MEDIUM N/A
The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain potentially sensitive version information via network traffic to TCP port 10651.
CVE-2014-0644 1 Emc 2 Cloud Tiering Appliance, Cloud Tiering Appliance Software 2014-04-17 7.8 HIGH N/A
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
CVE-2014-2873 1 Paperthin 1 Commonspot Content Server 2014-04-16 5.0 MEDIUM N/A
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a predictable name in a request for a file.
CVE-2014-2872 1 Paperthin 1 Commonspot Content Server 2014-04-16 5.0 MEDIUM N/A
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain potentially sensitive information from a directory listing via unspecified vectors.