Total
6955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4701 | 1 Nagios | 1 Nagios | 2016-11-28 | 2.1 LOW | N/A |
| The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702. | |||||
| CVE-2014-4702 | 1 Nagios | 1 Nagios | 2016-11-28 | 2.1 LOW | N/A |
| The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701. | |||||
| CVE-2014-5325 | 1 Directwebremoting | 1 Direct Web Remoting | 2016-11-28 | 5.0 MEDIUM | N/A |
| The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-0919 | 1 Ibm | 1 Db2 | 2016-11-28 | 4.0 MEDIUM | N/A |
| IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities. | |||||
| CVE-2013-3469 | 1 Cisco | 1 Mobility Services Engine | 2016-11-04 | 5.0 MEDIUM | N/A |
| Cisco Mobility Services Engine does not properly set up the Oracle SSL service, which allows remote attackers to obtain an unauthenticated session to the database-replication port, and consequently obtain sensitive information, via an SSL connection, aka Bug ID CSCue50794. | |||||
| CVE-2015-1000007 | 1 Wptf-image-gallery Project | 1 Wptf-image-gallery | 2016-10-26 | 5.0 MEDIUM | 7.5 HIGH |
| Remote file download vulnerability in wptf-image-gallery v1.03 | |||||
| CVE-2015-1000008 | 1 Mp3-jplayer Project | 1 Mp3-jplayer | 2016-10-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2 | |||||
| CVE-2005-1754 | 2 Apache Tomcat, Sun | 2 Apache Tomcat, Javamail | 2016-10-17 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products." | |||||
| CVE-2005-0797 | 1 Novell | 1 Ichain | 2016-10-17 | 5.0 MEDIUM | N/A |
| Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks. | |||||
| CVE-2004-1367 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2016-10-17 | 4.4 MEDIUM | N/A |
| Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password. | |||||
| CVE-2002-2342 | 1 Joe Depasquale | 1 Bannermatic | 2016-10-17 | 5.0 MEDIUM | N/A |
| Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.dat and (4) banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files. | |||||
| CVE-1999-0605 | 1 Austin Contract Computing | 1 Merchant Order Form | 2016-10-17 | 5.0 MEDIUM | N/A |
| An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information. | |||||
| CVE-1999-0606 | 1 Seaside Enterprises | 1 Ezmall | 2016-10-17 | 5.0 MEDIUM | N/A |
| An incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information. | |||||
| CVE-2016-2307 | 1 American Auto-matrix | 2 Aspect-matrix Building Automation Front-end Solutions Application, Aspect-nexus Building Automation Front-end Solutions Application | 2016-10-05 | 5.0 MEDIUM | 7.5 HIGH |
| American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application allow remote attackers to read arbitrary files via unspecified vectors, as demonstrated by the configuration file. | |||||
| CVE-2015-0800 | 2 Google, Mozilla | 2 Android, Firefox | 2016-10-03 | 5.0 MEDIUM | N/A |
| The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2012-2808. | |||||
| CVE-2014-0059 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2016-09-30 | 2.1 LOW | N/A |
| JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2015-8336 | 1 Huawei | 2 Fusioncompute, Fusioncompute Firmware | 2016-09-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors. | |||||
| CVE-2016-5722 | 1 Huawei | 8 Ocean Stor 18500 V3, Ocean Stor 18800 V3, Ocean Stor 5300 V3 and 5 more | 2016-09-29 | 7.5 HIGH | 7.3 HIGH |
| Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network. | |||||
| CVE-2016-6146 | 1 Sap | 1 Trex | 2016-09-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226. | |||||
| CVE-2016-3639 | 1 Sap | 1 Hana Db | 2016-09-28 | 5.0 MEDIUM | 4.3 MEDIUM |
| SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128. | |||||