Total
6955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8701 | 1 Wondercms | 1 Wondercms | 2017-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password. | |||||
| CVE-2015-3882 | 1 Qdpm | 1 Qdpm | 2017-03-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| qdPM 8.3 allows remote attackers to obtain sensitive information via invalid ID value to index.php/users/info/id/[ID], which reveals the installation path in an error message. | |||||
| CVE-2015-3881 | 1 Qdpm | 1 Qdpm | 2017-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qdPM/config/settings.yml. | |||||
| CVE-2014-8723 | 1 Get-simple | 1 Getsimple Cms | 2017-03-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message. | |||||
| CVE-2016-10135 | 1 Lg | 1 Lg Mobile | 2017-03-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any application that resides on the device. Namely, the com.mediatek.mtklogger.framework.LogReceiver and com.mediatek.mtklogger.framework.MTKLoggerService application components are exported since they contain an intent filter, are not protected by a custom permission, and do not explicitly set the android:exported attribute to false. Therefore, these components are exported by default and are thus accessible to any third party application by using android.content.Intent object for communication. These application components can be used to start and stop the logs using Intent objects with embedded data. The available logs are the GPS log, modem log, network log, and mobile log. The base directory that contains the directories for the 4 types of logs is /sdcard/mtklog which makes them accessible to apps that require the READ_EXTERNAL_STORAGE permission. The GPS log contains the GPS coordinates of the user as well as a timestamp for the coordinates. The modem log contains AT commands and their parameters which allow the user's outgoing and incoming calls and text messages to be obtained. The network log is a tcpdump network capture. The mobile log contains the Android log, which is not available to third-party apps as of Android 4.1. The LG ID is LVE-SMP-160019. | |||||
| CVE-2016-10140 | 1 Zoneminder | 1 Zoneminder | 2017-03-15 | 5.0 MEDIUM | 7.5 HIGH |
| Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server via the /events URI. | |||||
| CVE-2017-5674 | 1 Embedthis | 1 Goahead | 2017-03-15 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" - note the lack of "/" in the path field of the request) request that will disclose the configuration file with the login password. | |||||
| CVE-2016-1185 | 1 Cybozu | 1 Kintone | 2017-03-14 | 2.6 LOW | 2.5 LOW |
| The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application. | |||||
| CVE-2017-5933 | 1 Citrix | 1 Netscaler Application Delivery Controller Firmware | 2017-03-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270. | |||||
| CVE-2016-8940 | 1 Ibm | 1 Tivoli Storage Manager | 2017-03-14 | 4.0 MEDIUM | 8.8 HIGH |
| IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946. | |||||
| CVE-2016-5813 | 1 Visonic | 2 Powerlink2, Powerlink2 Firmware | 2017-03-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. When a specific URL to an image is accessed, the downloaded image carries with it source code used in the web server (INFORMATION EXPOSURE). | |||||
| CVE-2016-10143 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2017-03-13 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field. | |||||
| CVE-2016-9720 | 1 Ibm | 2 Qradar Incident Forensics, Qradar Security Information And Event Manager | 2017-03-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM QRadar 7.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM Reference #: 1999533. | |||||
| CVE-2016-3127 | 1 Blackberry | 1 Good Control Server | 2017-03-09 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server. | |||||
| CVE-2017-1124 | 1 Ibm | 1 Maximo Asset Management | 2017-03-09 | 1.9 LOW | 2.9 LOW |
| IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053. | |||||
| CVE-2016-4950 | 1 Cloudera | 1 Manager | 2017-03-08 | 5.0 MEDIUM | 7.5 HIGH |
| Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions. | |||||
| CVE-2016-4947 | 1 Cloudera | 1 Hue | 2017-03-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete. | |||||
| CVE-2016-9725 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2017-03-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate them. IBM Reference #: 1999539. | |||||
| CVE-2016-4949 | 1 Cloudera | 1 Manager | 2017-03-08 | 5.0 MEDIUM | 7.5 HIGH |
| Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process/<process_id>/logs. | |||||
| CVE-2017-5865 | 1 Owncloud | 1 Owncloud | 2017-03-07 | 4.3 MEDIUM | 3.7 LOW |
| The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts. | |||||