Vulnerabilities (CVE)

Filtered by CWE-200
Total 8075 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-2871 1 Paperthin 1 Commonspot Content Server 2014-04-16 5.0 MEDIUM N/A
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HTTP session for entering credentials on login pages, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2014-2869 1 Paperthin 1 Commonspot Content Server 2014-04-16 5.0 MEDIUM N/A
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain sensitive information via requests to unspecified URIs, as demonstrated by pathname, SQL server, e-mail address, and IP address information.
CVE-2014-0772 1 Advantech 1 Advantech Webaccess 2014-04-14 5.0 MEDIUM N/A
The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.
CVE-2014-0771 1 Advantech 1 Advantech Webaccess 2014-04-14 5.0 MEDIUM N/A
The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.
CVE-2014-1515 2 Google, Mozilla 2 Android, Firefox 2014-04-01 1.9 LOW N/A
Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application.
CVE-2013-6656 1 Google 1 Chrome 2014-04-01 5.0 MEDIUM N/A
The XSSAuditor::init function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, processes POST requests by using the body of a redirecting page instead of the body of a redirect target, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2014-2567 1 Trojita Project 1 Trojita 2014-03-26 4.3 MEDIUM N/A
The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a (1) sent or (2) draft folder via a PREAUTH response that prevents later use of the STARTTLS command.
CVE-2014-0708 1 Cisco 1 Webex Meeting Center 2014-03-24 5.0 MEDIUM N/A
WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) a browser's history, aka Bug ID CSCul98272.
CVE-2013-2086 1 Owncloud 1 Owncloud 2014-03-17 5.0 MEDIUM N/A
The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file.
CVE-2013-6493 1 Redhat 1 Icedtea-web 2014-03-16 2.1 LOW N/A
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.
CVE-2014-1274 1 Apple 1 Iphone Os 2014-03-14 2.1 LOW N/A
FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call.
CVE-2013-4194 1 Plone 1 Plone 2014-03-12 4.3 MEDIUM N/A
The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.
CVE-2014-0006 1 Openstack 1 Swift 2014-03-08 4.3 MEDIUM N/A
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.
CVE-2013-6419 1 Openstack 1 Havana 2014-03-08 5.0 MEDIUM N/A
Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron.
CVE-2013-4112 2 Jgroups, Redhat 2 Jgroup, Jboss Enterprise Application Platform 2014-03-08 5.4 MEDIUM N/A
The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
CVE-2012-0825 1 Drupal 1 Drupal 2014-03-08 6.8 MEDIUM N/A
Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
CVE-2014-2264 1 Synology 1 Diskstation Manager 2014-03-03 7.8 HIGH N/A
The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session.
CVE-2013-6953 1 Dotnetblogengine 1 Blogengine.net 2014-02-25 5.0 MEDIUM N/A
BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file.
CVE-2013-2074 1 Kde 1 Kdelibs 2014-02-25 5.0 MEDIUM N/A
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.
CVE-2011-4327 1 Openbsd 1 Openssh 2014-02-21 2.1 LOW N/A
ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.