The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file.
Max CVSS
5.0
EPSS Score
3.10%
Published
2014-01-26
Updated
2018-10-09
Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/backup_ray2.php, which allows remote attackers to download a database backup via a direct request.
Max CVSS
5.0
EPSS Score
11.94%
Published
2014-01-22
Updated
2018-10-30
The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process.
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-01-10
Updated
2014-01-10
The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process.
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-01-10
Updated
2014-01-10
The Sleipnir Mobile application 2.12.1 and earlier and Sleipnir Mobile Black Edition application 2.12.1 and earlier for Android provide Geolocation API data without verifying user consent, which allows remote attackers to obtain sensitive location information via a web site that makes API calls.
Max CVSS
4.3
EPSS Score
0.27%
Published
2014-01-22
Updated
2014-08-11
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.
Max CVSS
4.3
EPSS Score
0.31%
Published
2014-01-23
Updated
2014-03-08
framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows remote attackers to obtain sensitive information via a header that ends in \n instead of \r\n, which prevents a null terminator from being added and causes Tntnet to include headers from other requests.
Max CVSS
5.0
EPSS Score
0.64%
Published
2014-01-26
Updated
2017-08-29
The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2014-01-08
Updated
2017-08-29
Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224.
Max CVSS
5.0
EPSS Score
0.90%
Published
2014-01-02
Updated
2014-01-03
Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json.
Max CVSS
5.0
EPSS Score
0.59%
Published
2014-01-02
Updated
2014-01-03
BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file.
Max CVSS
5.0
EPSS Score
0.57%
Published
2014-01-03
Updated
2014-02-25
Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.
Max CVSS
2.1
EPSS Score
0.05%
Published
2014-01-07
Updated
2018-10-09
Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have other impacts via a crafted XML file.
Max CVSS
5.0
EPSS Score
25.95%
Published
2014-01-23
Updated
2014-01-23
Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron.
Max CVSS
5.0
EPSS Score
0.41%
Published
2014-01-07
Updated
2014-03-08
IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.
Max CVSS
3.5
EPSS Score
0.12%
Published
2014-01-16
Updated
2017-08-29
The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user to the "users" group when installing from a live image, which allows local users to obtain sensitive information and possibly have other unspecified impacts, as demonstrated by reading /etc/shadow.
Max CVSS
4.4
EPSS Score
0.04%
Published
2014-01-11
Updated
2018-10-30
rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.
Max CVSS
3.2
EPSS Score
0.64%
Published
2014-01-21
Updated
2017-08-29
(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists.
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-01-21
Updated
2014-01-22
XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file.
Max CVSS
4.0
EPSS Score
1.54%
Published
2014-01-21
Updated
2017-08-29
Amberdms Billing System (ABS) before 1.4.1, when a multi-instance installation is configured, might allow local users to obtain sensitive information by reading the cache in between runs of the include/cron/services_usage.php cron job.
Max CVSS
1.9
EPSS Score
0.04%
Published
2014-01-10
Updated
2014-01-10
20 vulnerabilities found