CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Med. | Joomla! Component Joomanager 2.0.0 com_Joomanager Arbitrary File Download | 06.03.2018 | Luth1er |
| Med. | Joomla! Component K2 2.8.0 Arbitrary File Download | 28.02.2018 | Ihsan Sencan |
| High | Joomla! Jtag Members Directory 5.3.7 Arbitrary File Download | 29.01.2018 | Ihsan Sencan |
| Med. | ManageEngine Netflow Analyzer / IT360 Arbitrary File Download | 26.01.2018 | Agile |
| High | D-Link Routers 110/412/615/815 Arbitrary Code Execution | 12.01.2018 | Cr0n1c |
| High | Samsung SRN-1670D Web Viewer 1.0.0.193 Arbitrary File Read / Upload | 11.01.2018 | Omar Mezrag |
| Med. | DotNetNuke DreamSlider 01.01.02 Arbitrary File Download | 28.12.2017 | Glafkos Charalambous |
| Med. | Meinberg LANTIME Web Configuration Utility 6.16.008 Arbitrary File Read | 13.12.2017 | Jakub Palaczynski |
| High | Joomla! Component Joomanager 2.0.0 Arbitrary File Download | 31.08.2017 | Ihsan Sencan |
| Low | WebFile Explorer 1.0 Arbitrary File Download | 11.08.2017 | Ihsan Sencan |
| Low | Barracuda WAF V360 Firmware 8.0.1.014 Username / Session ID Leak | 07.07.2017 | Matt Bergin |
| Med. | Barracuda WAF V360 Firmware 8.0.1.014 Credential Disclosure | 07.07.2017 | Matt Bergin |
| Med. | Riverbed SteelHead VCX 9.6.0a Arbitrary File Read | 02.06.2017 | Gregory DRAPERI |
| High | Simple File Uploader Arbitrary File Download | 28.04.2017 | Daniel Godoy |
| Med. | Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read | 25.04.2017 | Matt Bergin |
| High | WordPress Membership Simplified 1.58 Arbitrary File Download | 17.03.2017 | Larry W. Cashdollar |
| Med. | Tiki Wiki CMS 15.2 Arbitrary File Read | 12.03.2017 | Zhao Liang |
| High | Collabo TeamBusiness Collaboration Network Arbitrary File Download | 10.02.2017 | Ihsan Sencan |
| Med. | FTP Made Easy PRO 1.2 Arbitrary File Download | 09.02.2017 | Ihsan Sencan |
| High | Easy File Uploader 1.2 Arbitrary File Download | 09.02.2017 | Ihsan Sencan |
| Med. | Spark 2.5 Arbitrary File Read | 05.11.2016 | aj |
| High | AVer Information EH6108H+ Authentication Bypass / Information Exposure | 28.09.2016 | Multiple |
| High | Siemens IP Camera 0.1.69 Arbitrary File Download | 15.09.2016 | vuppala.Dhanunjaya |
| High | Joomla AceFTP Arbitrary File Download | 16.08.2016 | howucan |
| High | Tiki Wiki CMS 15.0 Arbitrary File Download | 12.07.2016 | Kacper Szurek |
| Low | Open-Xchange App Suite 7.8.1 Information Disclosure | 23.06.2016 | Martin Heiland |
| Med. | Monsta Box WebFTP Arbitrary File Read | 11.04.2016 | Imre RAD |
| High | WordPress HB Audio Gallery Lite 1.0.0 Arbitrary File Download | 23.03.2016 | CrashBandicot |
| High | WordPress Memphis Document Library 3.1.5 Arbitrary File Download | 23.03.2016 | Felipe Molina |
| High | Open-Xchange Guard 2.2.0 / 2.0 Private Key Disclosure | 04.03.2016 | Martin Heiland |
| High | Tequila File Hosting 1.5 Arbitrary File Download | 16.12.2015 | Ashiyane Digital Secur... |
| High | ZTE ZXHN H108N R1A / ZXV10 W300 Traversal / Disclosure / Authorization | 21.11.2015 | Karn Ganeshen |
| High | articleFR 3.0.7 Arbitrary File Read | 27.10.2015 | cfreer & 0keeTeam |
| High | ADH-Web Server IP-Cameras Improper Access Restrictions | 21.09.2015 | Glaysson dos Santos |
| High | FortiClient Antivirus Information Exposure / Access Control | 02.09.2015 | CORE |
| Med. | WordPress WP Attachment Export 0.2.3 Arbitrary File Download | 17.07.2015 | Nitin Venkatesh |
| High | WordPress Image Export 1.1 Arbitrary File Download | 15.07.2015 | Larry W. Cashdollar |
| Med. | WordPress WP-SwimTeam 1.44.10777 Arbitrary File Download | 13.07.2015 | Larry W. Cashdollar |
| High | WedgeOS 4.0.4 Arbitrary File Read / Command Execution | 30.06.2015 | Security-assessment |
| Med. | SAP Management Console Information Disclosure | 19.06.2015 | Dmitry Chastukhin |
| High | BlackCat CMS 1.1.1 Arbitrary File Download | 17.06.2015 | d4rkr0id |
| Med. | Sendio ESP Information Disclosure | 24.05.2015 | Core |
| Low | 724CMS 5.01 / 4.59 / 4.01 / 3.01 Information Leakage | 17.03.2015 | Wang Jing |
| Low | WordPress Daily Edition Theme 1.6.2 Path Disclosure | 12.03.2015 | Wang Jing |
| High | Codoforum 2.5.1 Arbitrary File Download | 11.03.2015 | Kacper Szurek |
| Low | DLGuard 4.5 Path Disclosure | 19.02.2015 | Wang Jing |
| Med. | Open-Xchange Server 6 / OX AppSuite 7.6.1 Exposure | 13.02.2015 | Martin Heiland |
| High | WordPress Bretheon Theme Arbitrary File Download | 20.01.2015 | MindCracker |
| High | WordPress A.F.D. Theme Echelon Arbitrary File Download | 17.12.2014 | Cleiton Pinheiro |
| High | WordPress Ajax Store Locator 1.2 Arbitrary File Download | 09.12.2014 | Claudio Viviani |
| Low | Joomla HD FLV 2.1.0.1 Arbitrary File Download | 17.11.2014 | Claudio Viviani |
| High | Epicor Password Disclosure / Cross Site Scripting | 02.10.2014 | Fara |
| High | WordPress Trinity Theme Arbitrary File Download | 12.09.2014 | Mr.Doel |
| Low | WordPress Antioch Arbitrary File Download | 09.09.2014 | Ashiyane Digital Secur... |
| High | WordPress KenBurner Slider Arbitrary File Download | 26.08.2014 | MF0x and Daniel Pentes... |
| High | MEHR Automation System Arbitrary File Download | 26.08.2014 | alieye |
| High | IBM Sametime Meet Server 8.5 Password Disclosure | 12.08.2014 | Adriano Marcio Monteir... |
| High | Elastic Search 1.1.1 Arbitrary File Read | 31.07.2014 | Bouke van der Bijl |
| High | DotNetNuke ResponsiveSidebar Arbitrary File Download | 10.06.2014 | alieye |
| High | DotNetNuke EasyDnnGallery Arbitrary File Download | 10.06.2014 | alieye |
| High | DotNetNuke ASPSlideshow Arbitrary File Download | 10.06.2014 | alieye |
| High | DotNetNuke CodeEditor Arbitrary File Download | 10.06.2014 | alieye |
| High | DotNetNuke dnnUI_NewsArticlesSlider Arbitrary File Download | 10.06.2014 | alieye |
| High | Multiple D-Link Routers Cross Site Scripting / Information Disclosure | 23.05.2014 | Kyle Lovett |
| High | Cobbler 2.6.0 Arbitrary File Read | 15.05.2014 | Dolev Farhi |
| Med. | SAP Software Lifecycle Manager Information Disclosure | 29.04.2014 | Onapsis |
| High | SAP NW Portal WD Information Disclosure | 29.04.2014 | Onapsis |
| High | dompdf 0.6.0 Arbitrary File Read | 24.04.2014 | Alejo Murillo Moyas |
| Low | Open-Xchange AppSuite 7.4.2 XSS / Disclosure | 09.04.2014 | Martin Braun |
| High | Router D-Link DIR-100 Multiple Vulnerabilities | 04.02.2014 | Felix Richter |
| Med. | Franklin Fuelings T550 Evo Access Control / Credentials | 22.01.2014 | Matt Jakubowski |
| Med. | Kernel MSM Memory Leak | 26.11.2013 | Jonathan Salwan |
| High | IJG jpeg6b / libjpeg-turbo Uninitialized Memory | 13.11.2013 | Michal Zalewski |
| Low | Open-Xchange AppSuite Script Insertion | 07.11.2013 | Martin Braun |
| Med. | Performance Guard Arbitrary File Read & Traversal | 30.08.2013 | Kerem Kocaer |
| High | FOSCAM IP-Cameras Improper Access Restrictions | 24.07.2013 | Flavio de Cristofaro |
| Med. | Backupbuddy 2.2.4 Sensitive Data Exposure | 25.03.2013 | robarmstrong.te71 |
| High | mnoGoSearch 3.3.12 Arbitrary File Read | 06.03.2013 | Sergey Bobrov |
| High | Symantec Messaging Gateway 9.5.3-3 Arbitrary File Download | 19.09.2012 | nccgroup |
| Low | Symantec Messaging Gateway 9.5.3-3 Disclosure | 19.09.2012 | nccgroup |
| Low | WordPress Admin name Information Disclosure | 19.09.2012 | PistqoN |
| High | Yourplace 1.0.3 Credentials Disclosure and Session Poisoning Vulnerabilities | 24.07.2012 | condis |
| High | PHPCollab 2.5 Database Backup Disclosure | 23.05.2012 | team |
| Low | Coppermine 1.5.18 Cross Site Scripting / Path Disclosure | 30.03.2012 | waraxe |
| High | TVersity 1.9.7 Arbitrary File Download | 15.03.2012 | Luigi Auriemma |
| High | Icona SpA C6 Messenger Downloader Arbitrary File Download / Execute | 04.02.2012 | SnoopyAssault |
| Low | phpMyAdmin Arbitrary File Read | 21.11.2011 | 80sec |
| Low | HP MFP Digital Sending Software Running on Window Local Information Disclosure | 26.10.2011 | HP |
| Med. | IceWarp Mail Server 10.3.2 Multiple Vulnerabilities | 04.10.2011 | David Kirkpatrick of T... |
| Low | File disclosure via XEE in SharePoint 2007/2010 and DotNetNuke < 6 | 20.09.2011 | Nicolas Gregoire |
| High | Measuresoft ScadaPro arbitrary commands execution | 20.09.2011 | Luigi Auriemma |
| Med. | Linux Kernel < 2.6.36.2 Econet Privilege Escalation Exploit | 07.09.2011 | Jon Oberheide |
| Med. | rsa envision 4.0 sp security issue | 26.08.2011 | emc |
| Med. | CA ARCserve D2D Session Handling Vulnerability | 16.08.2011 | rgod |
| Low | Proxy-Authorization header received on server side | 09.07.2011 | onofer dusan |
| Low | linux kernel 2.6.38.8 ipv ip_tables infoleak to userspace | 28.06.2011 | Vasiliy Kulikov |
| Low | linux kernel 2.6.38.8 ipv4 arp_tables infoleak to userspace | 28.06.2011 | Vasiliy Kulikov |
| Med. | linux kernel 2.6.38.8 econet infoleak to the network | 24.06.2011 | Vasiliy Kulikov |
| Low | linux kernel 2.6.38.8 ipv6/netfilter ip6_tables infoleak to userspace | 24.06.2011 | Vasiliy Kulikov |
| Med. | Certain HP Photosmart Printers Remote Unauthorized Access XSS | 18.04.2011 | HP |


CVEMAP Search Results

2018-04-13

CVE-2018-10082 (Medium)
Vendor: Cmsmadesimple
Software: Cms made simple
Description: CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or /lib/tasks/class.CmsSecurityCheck.task.php.

2018-04-10

CVE-2018-9922 (Medium)
Vendor: Icmsdev
Software: ICMS
Description: An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a core/library/weixin.class.php pathname.

2018-04-05

CVE-2017-0748 (Medium)
Vendor: Google
Software: Android
Description: An information disclosure vulnerability in the Qualcomm audio driver. Product: Android. Versions: Android Kernel. Android ID: A-35764875. References: QC-CR#2029798.

2018-03-30

CVE-2017-9681 (Low)
Vendor: Google
Software: Android
Description: In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, if kernel memory address is passed from userspace through iris_vidioc_s_ext_ctrls ioctl, it will print kernel address data. A user could set it to an arbitrary kernel address, hence information disclosure (for kernel) could occur.

CVE-2017-1705 (Low)
Vendor: IBM
Software: Security pri...
Description: IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments. While this information is not visible at first it can be obtained by viewing the page source. IBM X-Force ID: 134427.

CVE-2017-1765 (Low)
Vendor: IBM
Software: Business pro...
Description: IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150.

CVE-2018-1234 (Low)
Vendor: RSA
Software: Authenticati...
Description: RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent.

2018-03-28

CVE-2018-7676 (Low)
Vendor: Netiq
Software: Identity manager
Description: The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information.

2018-03-27

CVE-2017-12310 (Medium)
Vendor: Cisco
Software: Spark hybrid...
Description: A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attacks leading to the disclosure of sensitive customer data. The vulnerability exists in the auto discovery phase because an unencrypted HTTP request is made due to requirements for implementing the Hybrid Calendar service. An attacker could exploit this vulnerability by monitoring the unencrypted traffic on the network. An exploit could allow the attacker to access sensitive customer data belonging to Office365 users, such as email and calendar events. Cisco Bug IDs: CSCvg35593.

CVE-2015-5016 (Low)
Vendor: IBM
Software: Change and c...
Description: IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460.
 

 


Copyright 2018, cxsecurity.com

 
