Total
7896 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9699 | 1 Makerbot | 2 Replicator 5th Generation, Replicator 5th Generation Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The MakerBot Replicator 5G printer runs an Apache HTTP Server with directory indexing enabled. Apache logs, system logs, design files (i.e., a history of print files), and more are exposed to unauthenticated attackers through this HTTP server. | |||||
| CVE-2014-9481 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML. | |||||
| CVE-2014-9127 | 1 Open-school | 1 Open-school | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export to index.php. | |||||
| CVE-2014-8940 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and details of projects) by visiting the /update.log URI. | |||||
| CVE-2014-8328 | 1 Dynamic Content Elements Project | 1 Dynamic Content Elements | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request. | |||||
| CVE-2014-7863 | 1 Zohocorp | 3 Manageengine Applications Manager, Manageengine It360, Manageengine Opmanager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet. | |||||
| CVE-2014-6437 | 1 Aztech | 6 Adsl Dsl5018en \(1t1r\), Adsl Dsl5018en \(1t1r\) Firmware, Dsl705e and 3 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file. | |||||
| CVE-2014-6309 | 1 Tenefit | 1 Kaazing Websocket Gateway | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The HTTP and WebSocket engine components in the server in Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4 and Gateway - JMS Edition 4.0.2, 4.0.3, and 4.0.4 allow remote attackers to obtain sensitive information via vectors related to HTTP request handling. | |||||
| CVE-2014-6275 | 2 Debian, Fusionforge | 2 Debian Linux, Fusionforge | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge. | |||||
| CVE-2014-6112 | 1 Ibm | 2 Security Identity Manager, Tivoli Identity Manager | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184. | |||||
| CVE-2014-6109 | 1 Ibm | 2 Security Identity Manager, Tivoli Identity Manager | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
| IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173. | |||||
| CVE-2014-6108 | 1 Ibm | 2 Security Identity Manager, Tivoli Identity Manager | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172. | |||||
| CVE-2014-6048 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request. | |||||
| CVE-2014-6038 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000. | |||||
| CVE-2014-5450 | 1 Zarafa | 1 Zarafa Collaboration Platform | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files. | |||||
| CVE-2014-5394 | 1 Huawei | 24 S2300, S2300 Firmware, S2700 and 21 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal. | |||||
| CVE-2014-5209 | 2 F5, Ntp | 25 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 22 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information. | |||||
| CVE-2014-5132 | 1 Avolvesoftware | 1 Projectdox | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Avolve Software ProjectDox 8.1 allows remote attackers to enumerate users via vectors related to email addresses. | |||||
| CVE-2014-5131 | 1 Avolvesoftware | 1 Projectdox | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Avolve Software ProjectDox 8.1 makes it easier for remote authenticated users to obtain sensitive information by leveraging ciphertext reuse. | |||||
| CVE-2014-5130 | 1 Avolvesoftware | 1 Projectdox | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Avolve Software ProjectDox 8.1 allows remote authenticated users to obtain sensitive information from other users via vectors involving a direct access token. | |||||