CWE:
 

Title
Date
Author
Med.
OX App Suite XSS / Information Disclosure / Authorization Bypass
09.05.2023
Martin Heiland
Med.
SecurePoint UTM 12.x Session ID Leak
18.04.2023
Julien Ahrens
Low
MiniDVBLinux 5.4 Arbitrary File Read
18.10.2022
LiquidWorm
High
Active eCommerce CMS 6.3.0 Arbitrary File Download
28.09.2022
th3d1gger
High
WordPress BackupBuddy 8.7.4.1 Arbitrary File Read
07.09.2022
Anonymouse
Low
SAP FRUN Simple Diagnostics Agent 1.0 Information Disclosure
22.06.2022
Yvan Genuer
Med.
Reolink E1 Zoom Camera 3.0.0.716 Private Key Disclosure
06.06.2022
Julien Ahrens
High
WordPress Amministrazione Aperta 3.7.3 Arbitrary File Read
24.03.2022
Hassan Khan Yusufzai
High
TermTalk Server 3.24.0.2 Arbitrary File Read
05.01.2022
Fabiano Golluscio
High
Oliver Library Server v5 Arbitrary File Download
19.12.2021
Mandeep Singh, Ishaan ...
Med.
Grafana 8.3.0 Directory Traversal / Arbitrary File Read
09.12.2021
s1gh
High
TestLink 1.19 Arbitrary File Download
09.12.2021
Gonzalo Villegas
Med.
WordPress DZS Zoomsounds 6.45 Arbitrary File Read
05.12.2021
Uriel Yochpaz
High
WordPress Plugin DZS Zoomsounds 6.45 Arbitrary File Read (Unauthenticated)
03.12.2021
Uriel Yochpaz
High
Wipro Holmes Orchestrator 20.4.1 Arbitrary File Download
16.11.2021
Rizal Muhammed
Med.
SAP Enterprise Portal Sensitive Data Disclosure
23.10.2021
Yvan Genuer
High
WordPress Duplicator 1.3.26 Arbitrary File Read
18.10.2021
nam3lum
High
Atlassian Confluence Server 7.5.1 Arbitrary File Read
06.10.2021
Mayank Deshmukh
Med.
WordPress BulletProof Security 5.1 Information Disclosure
06.10.2021
Ron Jost
Med.
Longjing Technology BEMS API 1.21 Remote Arbitrary File Download
30.07.2021
LiquidWorm
High
ES File Explorer 4.1.9.7.4 Arbitrary File Read
29.06.2021
Nehal Zaman
Med.
SAP Hybris eCommerce Information Disclosure
15.06.2021
Gaston Traberg
High
Hasura GraphQL 1.3.3 Arbitrary File Read
22.04.2021
Dolev Farhi
High
Novel Boutique House-plus 3.5.1 Arbitrary File Download
29.03.2021
tuyiqiang
Med.
Apache Flink 1.11.0 Unauthenticated Arbitrary File Read (Metasploit)
14.01.2021
Suncsr
Med.
Apache Flink 1.11.0 Arbitrary File Read / Directory Traversal
08.01.2021
SunCSR
Med.
WordPress Plugin W3 Total Cache Unauthenticated Arbitrary File Read (Metasploit)
06.01.2021
SunCSR
Med.
URVE Software Build 24.03.2020 Information Disclosure
30.12.2020
Erik Steltzner
Med.
Wordpress Plugin Duplicator 1.3.26 Unauthenticated Arbitrary File Read (Metasploit)
18.12.2020
Nguyen
High
Gitlab 12.9.0 Arbitrary File Read (Authenticated)
19.11.2020
Jasper Rasenberg
Low
Amazon Web Services - Database Disclosure (Sensitive Information)
13.09.2020
Gh05t666nero
Med.
HelloWeb 2.0 Arbitrary File Download
11.07.2020
bRpsd
High
jizhi CMS 1.6.7 Arbitrary File Download
21.04.2020
iej1ctk1g
High
Webtateas 2.0 Arbitrary File Read
15.04.2020
CBIITMC
Low
UniSharp Laravel File Manager 2.0.0 Arbitrary File Read
04.03.2020
NgoAnhDuc
Low
Antiprizuv Form-Data Log Emails Information Disclosure
26.12.2019
L4663r666h05t
High
IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 Arbitrary File Read
03.09.2019
Todor Donev
Med.
Joomla JS Support Ticket 1.1.5 Arbitrary File Download
09.08.2019
qw3rTyTy
Med.
DuckSell 3.0.0 Database Disclosure
10.06.2019
KingSkrupellos
Med.
SmartLIB Library Software Database Disclosure
03.06.2019
KingSkrupellos
Med.
OpenEvSys Software 2.2 Database Disclosure
02.06.2019
KingSkrupellos
Med.
Open-EMR HealthCare Software 5.0.1 Database Disclosure
02.06.2019
KingSkrupellos
Med.
GinoCMS Software 2.x Database Disclosure
02.06.2019
KingSkrupellos
Med.
OCSInventory-NG Software CMS 2.6 RC Database Disclosure
02.06.2019
KingSkrupellos
Med.
AgniCMS 1.6 Database Disclosure
02.06.2019
KingSkrupellos
Low
Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Get_Task.cgi Information Disclosure
28.04.2019
Cisco Talos
Low
Sierra Wireless AirLink ES450 ACEManager Information Disclosure
28.04.2019
Cisco Talos
Med.
RingsDB Software 1.0.0 Database Disclosure
20.04.2019
KingSkrupellos
Med.
NIT-Warangal Dispensary Management System India 1.0 Database Disclosure
17.04.2019
KingSkrupellos
Med.
CyberShadeCMS v1 Database Disclosure
14.04.2019
KingSkrupellos
Med.
PragyanCMS 3.0 Beta Database Disclosure
14.04.2019
KingSkrupellos
Med.
TarichiCMS Web Publishing System v2 Database Disclosure
14.04.2019
KingSkrupellos
Med.
Opus Online Placement University System 4.2.0 Database Disclosure
12.04.2019
KingSkrupellos
Med.
OrangeScrum Project Management Software 1.6.1 Database Disclosure
12.04.2019
KingSkrupellos
Med.
Gibbonedu The Flexible School Platform 17.0.00 Database Disclosure
12.04.2019
KingSkrupellos
Med.
JobSkee Open Source JobBoard 1.1.3 Database Disclosure
12.04.2019
KingSkrupellos
Med.
MajorDoMo Domestic Module Database Disclosure
10.04.2019
KingSkrupellos
High
Themosis Framework BookStore 1.3.0 Database Disclosure
10.04.2019
KingSkrupellos
High
NekoCMS 2.5 Database Disclosure
10.04.2019
KingSkrupellos
High
YiiCMS JetBrains PHPStorm 6.0.3 Database Disclosure
10.04.2019
KingSkrupellos
Med.
Norbye CMS Database Disclosure
10.04.2019
KingSkrupellos
Med.
Nova CMS Software 3.77.3 Database Disclosure
08.04.2019
KingSkrupellos
Med.
NeoFragCMS Alpha 0.2.1 Database Disclosure
05.04.2019
KingSkrupellos
High
TheDayLightStudio GetFuelCMS 0.9.3 Database Disclosure
05.04.2019
KingSkrupellos
High
YonaCMS Software 1.3.2 Database Disclosure
05.04.2019
KingSkrupellos
Med.
Senayan Slims Meranti 5 Database Disclosure
04.04.2019
KingSkrupellos
Med.
ClipBucket 2.6 Database Disclosure
04.04.2019
KingSkrupellos
Med.
Luya CMS 1.0.0 Database Disclosure
04.04.2019
KingSkrupellos
Med.
OpenMonero MyMonero 1.1.9 Database Disclosure
04.04.2019
KingSkrupellos
Med.
RainCMS Alpha 1.0 Database Disclosure
04.04.2019
KingSkrupellos
Med.
Complaint Management System CMS 4.0.4.1 Database Disclosure
04.04.2019
KingSkrupellos
Med.
Mash Project Integrated 4.2.7.1 Database Disclosure Exploit
02.04.2019
KingSkrupellos
Med.
DataWrapper ProtoType 0.8 Database Disclosure Exploit
02.04.2019
KingSkrupellos
Med.
Ektron CMS 9 Database Disclosure Exploit
02.04.2019
KingSkrupellos
Med.
Shinobi Security Software 1.0 Database Disclosure Exploit
02.04.2019
KingSkrupellos
High
WordPress Ultimate Form Builder Plugins 1.0 Database Disclosure
28.03.2019
KingSkrupellos
Med.
WordPress 2.0.2 WP-Forum Plugins 1.7.8 Database Disclosure
27.03.2019
KingSkrupellos
Med.
Independent University of Bangladesh IUB Database Disclosure
22.03.2019
KingSkrupellos
Med.
F3-CMS FatFreeFramework 0.0.1 Database Disclosure
15.02.2019
KingSkrupellos
High
WordPress Ad Manager WD 1.0.11 Arbitrary File Download
29.01.2019
41!kh4224rDz
Med.
Papoo CMS PKalender Plugins 3.5 Database Disclosure
28.01.2019
KingSkrupellos
Med.
Joomla RSFirewall Components 2.11.25 Database and Password Disclosure
25.01.2019
KingSkrupellos
Med.
Joomla JVFramework Components 1.6.4.0 Database Disclosure
21.01.2019
KingSkrupellos
Med.
Joomla Akeeba Backup Components 6.3.3 Database Disclosure
19.01.2019
KingSkrupellos
Med.
Joomla FPSS Art Frontpage Slideshow Components 1.6.0 Database Disclosure / Open Redirection / SQL Injection
19.01.2019
KingSkrupellos
Low
Mozilla Firefox 64 Information Disclosure
18.01.2019
Dr. Vladimir Bostanov
Med.
Joomla ZHYandexMap Components 8.0.0.2 Database Disclosure
18.01.2019
KingSkrupellos
Med.
eBrigade ERP 4.5 Arbitrary File Download
11.01.2019
Ozkan Mustafa Akkus
Med.
Typo3 CMS twwc_pages Extension 8.7.x Database Disclosure
04.01.2019
KingSkrupellos
Med.
Typo3 CMS Site Crawler Extension 6.1.2 Database Disclosure
04.01.2019
KingSkrupellos
Med.
Typo3 CMS YAG Themepack jQuery Extension 1.3.2 Database Disclosure
04.01.2019
KingSkrupellos
Med.
Typo3 CMS Static Info Tables Extension 6.7.3 Database Disclosure
04.01.2019
KingSkrupellos
Med.
Typo3 CMS pw_highslide_gallery Extension 0.3.1 Database Disclosure
04.01.2019
KingSkrupellos
Med.
PrestaShop PM_ModalCart Modules 1.6.1.4 Database Disclosure
01.01.2019
KingSkrupellos
Med.
PrestaShop PM_AdvancedSearch4 Modules 1.6.1.18 Database Disclosure
01.01.2019
KingSkrupellos
Med.
PrestaShop yllyaidechantier Modules 1.4.9.0 Database Disclosure
01.01.2019
KingSkrupellos
Med.
PrestaShop Google GSnippetsReviews Modules 1.6.1.4 Database Backup Disclosure
01.01.2019
KingSkrupellos
Med.
PrestaShop FacebookPsConnect Modules 1.6.1.4 Database Disclosure
01.01.2019
KingSkrupellos
Med.
Drupal 7 CivicRM Modules 5.8.2 Database Disclosure
01.01.2019
KingSkrupellos
Med.
WordPress Universal Post Manager 1.5.0 Database Disclosure
26.11.2018
KingSkrupellos


Common Weakness Enumeration (CWE)

CVE
Details
Description
2023-06-06
Waiting for details
CVE-2023-1779

Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions <=2.13.3 allows an authorized remote attacker with low privileges to view a limited amount of another account's contact information.

 
2023-06-05
Waiting for details
CVE-2023-33956

Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to an insecure direct object reference (IDOR) vulnerability present in the application's URL parameter. This vulnerability enables any user to read files uploaded by any other user, regardless of their privileges or restrictions. By changing the file_id, any user can render all the files where MimeType is image uploaded under the **/files** directory, regardless of which user uploaded them. This vulnerability poses a significant impact and severity to the application's security. By manipulating the URL parameter, an attacker can access sensitive files that should only be available to authorized users. This includes confidential documents or any other type of file stored within the application. The ability to read these files can lead to various detrimental consequences, such as unauthorized disclosure of sensitive information, privacy breaches, intellectual property theft, or exposure of trade secrets. Additionally, it could result in legal and regulatory implications, reputation damage, financial losses, and potential compromise of user trust. Users are advised to upgrade. There are no known workarounds for this vulnerability.

 
Waiting for details
CVE-2013-10030

A vulnerability, which was classified as problematic, has been found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this issue is some unknown functionality of the file wordpress-exit-box-lite.php. The manipulation leads to information disclosure. The attack may be launched remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230672.

 
2023-05-30
Waiting for details
CVE-2023-0443

The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked.

 
2023-05-29
Waiting for details
CVE-2014-125102

A vulnerability classified as problematic was found in Bestwebsoft Relevant Plugin up to 1.0.7 on WordPress. Affected by this vulnerability is an unknown functionality of the component Thumbnail Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.0.8 is able to address this issue. The name of the patch is 860d1891025548cf0f5f97364c1f51a888f523c3. It is recommended to upgrade the affected component. The identifier VDB-230113 was assigned to this vulnerability.

 
2023-05-15
Waiting for details
CVE-2023-0812

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure.

 
2023-05-12
Waiting for details
CVE-2023-27863

IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. IBM X-Force ID: 249325.

 
2023-05-11
Waiting for details
CVE-2023-32082

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not values) associated with a lease when the `Keys` parameter is true, even if a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC). Versions 3.4.26 and 3.5.9 fix this issue. There are no known workarounds.

 
Waiting for details
CVE-2023-27870

IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518.

 
2023-05-09
Waiting for details
CVE-2023-32113

SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking them into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.

 

 


Copyright 2023, cxsecurity.com

 
