Amberdms Billing System (ABS) before 1.4.1, when a multi-instance installation is configured, might allow local users to obtain sensitive information by reading the cache in between runs of the include/cron/services_usage.php cron job.
Max CVSS
1.9
EPSS Score
0.04%
Published
2014-01-10
Updated
2014-01-10
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader.
Max CVSS
5.0
EPSS Score
0.53%
Published
2014-05-14
Updated
2014-06-25
The (1) templatewrap/templatefoot.php, (2) cmsjs/plugin.js.php, and (3) cmsincludes/cms_plugin_api_link.inc.php scripts in Tribal Tribiq CMS before 5.2.7c allow remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
Max CVSS
4.3
EPSS Score
0.35%
Published
2014-12-30
Updated
2015-03-25
The do_devinfo_ioctl function in drivers/staging/comedi/comedi_fops.c in the Linux kernel before 3.1 allows local users to obtain sensitive information from kernel memory via a copy of a short string.
Max CVSS
4.9
EPSS Score
0.04%
Published
2014-02-15
Updated
2023-02-13
methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.
Max CVSS
2.6
EPSS Score
0.09%
Published
2014-03-01
Updated
2023-02-13
ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-02-03
Updated
2014-02-21
lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact.
Max CVSS
4.6
EPSS Score
0.05%
Published
2014-10-27
Updated
2014-10-29
The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.
Max CVSS
5.0
EPSS Score
0.29%
Published
2014-02-15
Updated
2014-02-18
XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file.
Max CVSS
4.0
EPSS Score
1.54%
Published
2014-01-21
Updated
2017-08-29
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.
Max CVSS
4.3
EPSS Score
0.36%
Published
2014-09-30
Updated
2014-10-01
uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL.
Max CVSS
5.0
EPSS Score
0.36%
Published
2014-09-30
Updated
2014-10-01
membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.
Max CVSS
5.0
EPSS Score
0.53%
Published
2014-09-30
Updated
2023-02-13
atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.
Max CVSS
5.0
EPSS Score
0.36%
Published
2014-09-30
Updated
2014-10-02
The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope.
Max CVSS
5.0
EPSS Score
0.74%
Published
2014-11-03
Updated
2023-02-13
(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists.
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-01-21
Updated
2014-01-22
The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request.
Max CVSS
5.0
EPSS Score
0.18%
Published
2014-05-08
Updated
2014-05-08
The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file.
Max CVSS
7.2
EPSS Score
0.04%
Published
2014-11-16
Updated
2017-08-29
maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.38%
Published
2014-06-02
Updated
2017-08-29
rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.
Max CVSS
3.2
EPSS Score
0.64%
Published
2014-01-21
Updated
2017-08-29
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.
Max CVSS
5.0
EPSS Score
0.74%
Published
2014-02-05
Updated
2014-02-25
The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file.
Max CVSS
5.0
EPSS Score
0.22%
Published
2014-03-14
Updated
2014-03-17
frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code.
Max CVSS
3.5
EPSS Score
0.12%
Published
2014-05-26
Updated
2017-08-29
The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user to the "users" group when installing from a live image, which allows local users to obtain sensitive information and possibly have other unspecified impacts, as demonstrated by reading /etc/shadow.
Max CVSS
4.4
EPSS Score
0.04%
Published
2014-01-11
Updated
2018-10-30
The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and caches via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.33%
Published
2014-11-16
Updated
2015-02-10

CVE-2013-3982

Public exploit
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page.
Max CVSS
5.0
EPSS Score
0.41%
Published
2014-05-26
Updated
2017-08-29
356 vulnerabilities found