Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack.
Max CVSS
5.0
EPSS Score
0.48%
Published
2014-12-19
Updated
2018-10-09
EntryPass N5200 Active Network Control Panel allows remote attackers to read device memory and obtain the administrator username and password via a URL starting with an ASCII character o through z or A through D, different vectors than CVE-2014-8868.
Max CVSS
7.8
EPSS Score
0.48%
Published
2014-12-07
Updated
2018-10-09
The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname parameter and reading the parameters in the response sent to the URL.
Max CVSS
5.0
EPSS Score
0.50%
Published
2014-12-08
Updated
2021-01-12
Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via script access to this cookie, aka ZEN-10418.
Max CVSS
5.0
EPSS Score
0.35%
Published
2014-12-15
Updated
2016-03-21
Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by internal URL information, aka ZEN-15382.
Max CVSS
5.0
EPSS Score
0.33%
Published
2014-12-15
Updated
2016-03-21
The HTML5 MP3 Player with Playlist Free plugin before 2.7 for WordPress allows remote attackers to obtain the installation path via a request to html5plus/playlist.php.
Max CVSS
5.0
EPSS Score
0.61%
Published
2014-12-02
Updated
2017-09-08
Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to obtain sensitive information via unspecified vectors.
Max CVSS
10.0
EPSS Score
0.53%
Published
2014-12-10
Updated
2018-12-20
The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.19%
Published
2014-11-20
Updated
2014-11-21
Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors.
Max CVSS
5.0
EPSS Score
1.98%
Published
2014-12-03
Updated
2017-09-08
The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request.
Max CVSS
5.0
EPSS Score
0.32%
Published
2014-12-02
Updated
2018-10-09
MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
Max CVSS
5.0
EPSS Score
0.24%
Published
2014-12-03
Updated
2019-10-22
The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter.
Max CVSS
5.0
EPSS Score
0.66%
Published
2014-10-22
Updated
2016-04-04
inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call.
Max CVSS
5.0
EPSS Score
0.66%
Published
2014-10-22
Updated
2015-09-10
The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revision of the node.
Max CVSS
5.0
EPSS Score
0.17%
Published
2014-11-12
Updated
2014-11-13
The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext information by reading packets.
Max CVSS
5.0
EPSS Score
0.62%
Published
2014-11-10
Updated
2017-09-08
The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile."
Max CVSS
7.8
EPSS Score
42.92%
Published
2014-11-25
Updated
2015-02-17
The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intelligence allows remote attackers to obtain audit event details via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.20%
Published
2014-11-06
Updated
2014-11-07
The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files.
Max CVSS
5.0
EPSS Score
0.20%
Published
2014-11-06
Updated
2014-11-07
The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "sessions overlapping in memory."
Max CVSS
6.4
EPSS Score
2.67%
Published
2014-11-15
Updated
2019-12-27
The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request.
Max CVSS
5.0
EPSS Score
0.65%
Published
2014-12-17
Updated
2017-09-08
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets.
Max CVSS
5.0
EPSS Score
0.32%
Published
2014-11-26
Updated
2014-11-26
McAfee Network Data Loss Prevention (NDLP) before 9.3 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
Max CVSS
5.0
EPSS Score
0.31%
Published
2014-10-29
Updated
2017-09-08
McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.18%
Published
2014-10-29
Updated
2014-10-30
McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information via vectors related to open network ports.
Max CVSS
5.0
EPSS Score
0.31%
Published
2014-10-29
Updated
2017-09-08
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Max CVSS
5.0
EPSS Score
1.18%
Published
2014-12-10
Updated
2014-12-12
184 vulnerabilities found