Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-1607

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-04 Sep, 2012 | 20:00
Updated At-16 Sep, 2024 | 19:35
Rejected At-
Credits

The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:04 Sep, 2012 | 20:00
Updated At:16 Sep, 2024 | 19:35
Rejected At:
▼CVE Numbering Authority (CNA)

The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://secunia.com/advisories/48647
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/48622
third-party-advisory
x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2012/03/30/4
mailing-list
x_refsource_MLIST
http://osvdb.org/80761
vdb-entry
x_refsource_OSVDB
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
x_refsource_CONFIRM
http://www.debian.org/security/2012/dsa-2445
vendor-advisory
x_refsource_DEBIAN
http://www.securityfocus.com/bid/52771
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/48647
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/48622
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.openwall.com/lists/oss-security/2012/03/30/4
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://osvdb.org/80761
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2012/dsa-2445
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.securityfocus.com/bid/52771
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://secunia.com/advisories/48647
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/48622
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.openwall.com/lists/oss-security/2012/03/30/4
mailing-list
x_refsource_MLIST
x_transferred
http://osvdb.org/80761
vdb-entry
x_refsource_OSVDB
x_transferred
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
x_refsource_CONFIRM
x_transferred
http://www.debian.org/security/2012/dsa-2445
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.securityfocus.com/bid/52771
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/48647
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/48622
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2012/03/30/4
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://osvdb.org/80761
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2012/dsa-2445
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/52771
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:04 Sep, 2012 | 20:55
Updated At:29 Apr, 2026 | 01:13

The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches

TYPO3 Association
typo3
>>typo3>>4.4
cpe:2.3:a:typo3:typo3:4.4:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.0
cpe:2.3:a:typo3:typo3:4.4.0:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.1
cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.2
cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.3
cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.4
cpe:2.3:a:typo3:typo3:4.4.4:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.5
cpe:2.3:a:typo3:typo3:4.4.5:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.6
cpe:2.3:a:typo3:typo3:4.4.6:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.7
cpe:2.3:a:typo3:typo3:4.4.7:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.8
cpe:2.3:a:typo3:typo3:4.4.8:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.9
cpe:2.3:a:typo3:typo3:4.4.9:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.10
cpe:2.3:a:typo3:typo3:4.4.10:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.11
cpe:2.3:a:typo3:typo3:4.4.11:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.12
cpe:2.3:a:typo3:typo3:4.4.12:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.13
cpe:2.3:a:typo3:typo3:4.4.13:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5
cpe:2.3:a:typo3:typo3:4.5:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.0
cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.1
cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.2
cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.3
cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.4
cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.5
cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.6
cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.7
cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.8
cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.9
cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.10
cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.11
cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.12
cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.13
cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.6
cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.6.0
cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.6.1
cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.6.2
cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.6.3
cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.6.4
cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.6.5
cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.6.6
cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.7
cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>6.0
cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://osvdb.org/80761secalert@redhat.com
N/A
http://secunia.com/advisories/48622secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/48647secalert@redhat.com
Vendor Advisory
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/secalert@redhat.com
Vendor Advisory
http://www.debian.org/security/2012/dsa-2445secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2012/03/30/4secalert@redhat.com
N/A
http://www.securityfocus.com/bid/52771secalert@redhat.com
N/A
http://osvdb.org/80761af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/48622af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/48647af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.debian.org/security/2012/dsa-2445af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2012/03/30/4af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/52771af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://osvdb.org/80761
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48622
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/48647
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2012/dsa-2445
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/03/30/4
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/52771
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://osvdb.org/80761
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48622
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/48647
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2012/dsa-2445
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/03/30/4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/52771
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2805Records found

CVE-2016-10002
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.77% / 93.19%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.

Action-Not Available
Vendor-n/aSquid CacheDebian GNU/Linux
Product-debian_linuxsquidn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0825
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.3||MEDIUM
EPSS-0.49% / 38.32%
||
7 Day CHG~0.00%
Published-12 Mar, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 20860039.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1000221
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.76% / 75.33%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.

Action-Not Available
Vendor-n/aElasticsearch BV
Product-logstashn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0904
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.6||HIGH
EPSS-1.43% / 69.79%
||
7 Day CHG~0.00%
Published-21 Sep, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by leveraging knowledge of this key from another installation.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-avamar_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3701
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.33% / 67.72%
||
7 Day CHG~0.00%
Published-23 Sep, 2011 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AlegroCart 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by common.php and certain other files.

Action-Not Available
Vendor-alegrocartn/a
Product-alegrocartn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-5524
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-1.60% / 72.80%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5527.

Action-Not Available
Vendor-n/aOracle Corporation
Product-agile_product_lifecycle_managementn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2005-1754
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.84% / 84.94%
||
7 Day CHG~0.00%
Published-21 May, 2006 | 16:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products.

Action-Not Available
Vendor-apache_tomcatn/aSun Microsystems (Oracle Corporation)
Product-javamailapache_tomcatn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9231
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.23% / 80.59%
||
7 Day CHG~0.00%
Published-20 Sep, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt to see whether the text under the cursor (or selected text) was a URL, the text would be sent as an unencrypted DNS query. This has the potential to result in passwords and other sensitive information being sent in cleartext without the user being aware.

Action-Not Available
Vendor-iterm2n/a
Product-iterm2n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9489
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.06% / 86.01%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 18:03
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThemeMakers Goodnex Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Action-Not Available
Vendor-goodnex_premium_responsive_projectn/a
Product-goodnex_premium_responsiven/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-26847
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.30% / 66.93%
||
7 Day CHG~0.00%
Published-10 Mar, 2022 | 04:58
Updated-03 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.

Action-Not Available
Vendor-spipn/aDebian GNU/Linux
Product-debian_linuxspipn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3792
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.23% / 65.24%
||
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pixelpost 1.7.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/functions_feeds.php and certain other files.

Action-Not Available
Vendor-pixelpostn/a
Product-pixelpostn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-9280
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-4.3||MEDIUM
EPSS-1.14% / 62.65%
||
7 Day CHG~0.00%
Published-02 Mar, 2018 | 20:00
Updated-16 Sep, 2024 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Novell Identity Manager User Application get request url contains the session token.

Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar.

Action-Not Available
Vendor-netiqNetIQ
Product-identity_managerIdentity Manager Applications
CWE ID-CWE-598
Use of GET Request Method With Sensitive Query Strings
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-6000
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 17.23%
||
7 Day CHG~0.00%
Published-10 Apr, 2026 | 02:00
Updated-24 Apr, 2026 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Library Management System SQL Database Backup File library.sql information disclosure

A vulnerability was found in code-projects Online Library Management System 1.0. Affected is an unknown function of the file /sql/library.sql of the component SQL Database Backup File Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-Source Code & Projects
Product-Online Library Management System
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2026-7071
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.38% / 29.95%
||
7 Day CHG~0.00%
Published-27 Apr, 2026 | 00:30
Updated-27 Apr, 2026 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CodeAstro Online Job Portal user-cvs file information disclosure

A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file and directory information exposure. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-CodeAstro
Product-Online Job Portal
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
CVE-2011-3761
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.37% / 68.64%
||
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NuSOAP 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by nuSOAP/classes/class.wsdl.php and certain other files.

Action-Not Available
Vendor-dietrich_ayalan/a
Product-nusoapn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9484
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.06% / 86.01%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 18:00
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThemeMakers Accio One Page Parallax Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Action-Not Available
Vendor-accio_one_page_parallax_responsive_theme_projectn/a
Product-accio_one_page_parallax_responsive_themen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9176
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.89% / 54.87%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 14:00
Updated-16 Sep, 2024 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, Input_address is registered as a shared buffer and is not properly checked before use in OEMCrypto_Generic_Sign(). This allows addresses to be accessed that reside in secure/CP memory.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850sd_820asd_412sd_808_firmwaresd_400sd_415sd_616sd_425sd_430_firmwaresd_615mdm9650sd_650_firmwaresd_625sd_615_firmwaremsm8909w_firmwaresd_210sd_820_firmwaresd_820sd_650sd_808sd_450_firmwaresd_800sd_845_firmwaresd_410sd_617sd_400_firmwaresd_820a_firmwaremdm9206sd_652sd_425_firmwaresd_212_firmwaresd_800_firmwaresd_850_firmwaresd_625_firmwaresd_450sd_412_firmwaresd_845mdm9206_firmwaresd_430sd_810sd_835_firmwaremdm9650_firmwaresd_410_firmwaresd_835sd_205sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_810_firmwaresd_616_firmwaresd_205_firmwaresd_212sd_617_firmwareSnapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-9269
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.19% / 86.55%
||
7 Day CHG~0.00%
Published-01 Oct, 2018 | 23:00
Updated-06 Aug, 2024 | 08:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON format.

Action-Not Available
Vendor-wpmobilepackn/a
Product-wordpress_mobile_packn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3807
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.23% / 65.23%
||
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Textpattern 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/txplib_db.php and certain other files.

Action-Not Available
Vendor-textpatternn/a
Product-textpatternn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-9858
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.06% / 78.97%
||
7 Day CHG~0.00%
Published-05 Aug, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accounts can be determined. This aids in further attacks (such as a brute force attack) as one now knows exactly which users exist and which do not. NOTE: the vendor's position is that this "is not a security gap per se." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

Action-Not Available
Vendor-sman/a
Product-sunny_tripower_60sunny_central_storage_2500-ev_firmwaresunny_central_storage_900sunny_tripower_12000tlsunny_central_storage_500_firmwaresunny_central_storage_720sunny_central_850cp_xt_firmwaresunny_boy_4000tl_firmwaresunny_central_2200sunny_central_900cp_xt_firmwaresunny_central_storage_760sunny_central_storage_1000sunny_boy_5000sunny_boy_5.0sunny_boy_3000tl_firmwaresunny_tripower_15000tl_firmwaresunny_boy_5000tl_firmwaresunny_boy_4.0_firmwaresunny_central_800cp_xtsunny_central_storage_760_firmwaresunny_tripower_12000tl_firmwaresunny_boy_3.6sunny_boy_3600tl_firmwaresunny_central_storage_2500-evsunny_boy_3600tlsunny_boy_2.5_firmwaresunny_tripower_15000tlsunny_central_storage_2200_firmwaresunny_central_storage_850_firmwaresunny_tripower_5000tl_firmwaresunny_central_630cp_xtsunny_central_720cp_xt_firmwaresunny_central_storage_900_firmwaresunny_central_500cp_xtsunny_tripower_20000tl_firmwaresunny_boy_3.0_firmwaresunny_central_storage_800_firmwaresunny_boy_5000_firmwaresunny_boy_3000tlsunny_boy_2.5sunny_central_760cp_xtsunny_boy_4000tlsunny_tripower_25000tl_firmwaresunny_central_850cp_xtsunny_central_storage_2200sunny_boy_3.6_firmwaresunny_central_1000cp_xt_firmwaresunny_tripower_20000tlsunny_tripower_60_firmwaresunny_central_storage_630sunny_boy_storage_2.5sunny_boy_5.0_firmwaresunny_central_720cp_xtsunny_central_storage_500sunny_boy_3.0sunny_boy_3600sunny_boy_1.5sunny_central_storage_630_firmwaresunny_central_1000cp_xtsunny_central_storage_800sunny_central_630cp_xt_firmwaresunny_central_storage_720_firmwaresunny_tripower_5000tlsunny_central_2200_firmwaresunny_boy_storage_2.5_firmwaresunny_central_900cp_xtsunny_tripower_core1sunny_boy_5000tlsunny_central_storage_1000_firmwaresunny_tripower_25000tlsunny_central_storage_850sunny_central_800cp_xt_firmwaresunny_central_500cp_xt_firmwaresunny_boy_4.0sunny_boy_3600_firmwaresunny_tripower_core1_firmwaresunny_central_760cp_xt_firmwaresunny_boy_1.5_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-6160
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.31% / 22.57%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 04:30
Updated-24 Apr, 2026 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple ChatBox Endpoint chatbox.sql SimpleChatbox_PHP file information disclosure

A vulnerability was found in code-projects Simple ChatBox 1.0. Affected by this issue is the function SimpleChatbox_PHP of the file chatbox.sql of the component Endpoint. Performing a manipulation results in file and directory information exposure. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-Source Code & Projects
Product-Simple ChatBox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
CVE-2011-3698
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.33% / 67.71%
||
7 Day CHG~0.00%
Published-23 Sep, 2011 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AdaptCMS 2.0.2 Beta allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/poll_vote.php and certain other files.

Action-Not Available
Vendor-adaptcmsn/a
Product-adaptcmsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2005-1028
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.19% / 64.21%
||
7 Day CHG~0.00%
Published-09 Apr, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message.

Action-Not Available
Vendor-phpnuken/a
Product-php-nuken/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0299
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.74% / 74.88%
||
7 Day CHG~0.00%
Published-28 Feb, 2018 | 17:00
Updated-05 Aug, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to obtain sensitive information via vectors involving a database query. IBM X-Force ID: 111382.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tririga_application_platformn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3810
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.23% / 65.23%
||
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by i_frames/i_register.php.

Action-Not Available
Vendor-tinywebgalleryn/a
Product-tinywebgalleryn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9123
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.90% / 55.34%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 14:00
Updated-16 Sep, 2024 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, code to zeroize AES key could be compiled out by compiler which could potentially result in information disclosure.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9635m_firmwaremdm9640_firmwaremdm9650sd_615_firmwaremsm8909w_firmwaresd_820mdm9645sd_650sd_450_firmwaresd_845_firmwaresd_410ipq4019_firmwaremdm9206sd_652sd_425_firmwaresd_800_firmwaresd_625_firmwaresd_450mdm9635mmdm9615sd_845mdm9206_firmwaremdm9640sd_835_firmwaremdm9650_firmwaresd_835sd_210_firmwaresd_415_firmwaresd_652_firmwaresd_600msm8909wsd_616_firmwaresd_205_firmwaresd_415sd_650_firmwaresd_212fsm9055sd_412sd_808_firmwaresd_400sdx20sd_616sd_425sd_430_firmwaremdm9607_firmwaresd_615mdm9655_firmwaresd_625sd_210mdm9607sd_820_firmwaremdm9645_firmwaremdm9625_firmwaresd_808sd_800fsm9055_firmwaresd_617sd_400_firmwaresd_212_firmwaresd_850_firmwaremdm9655sd_412_firmwaremdm9625sd_430ipq4019sd_810mdm9615_firmwaresdx20_firmwaresd_410_firmwaresd_600_firmwaresd_205sd_810_firmwaresd_617_firmwareSnapdragon Mobile, Snapdragon Wear, Small Cell SoC
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9486
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.06% / 86.01%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 18:01
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThemeMakers Axioma Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Action-Not Available
Vendor-axioma_premium_responsive_projectn/a
Product-axioma_premium_responsiven/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3712
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.37% / 68.60%
||
7 Day CHG~0.00%
Published-23 Sep, 2011 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files.

Action-Not Available
Vendor-cakephpn/a
Product-cakephpn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9487
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.06% / 86.01%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 18:02
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThemeMakers Almera Responsive Portfolio theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Action-Not Available
Vendor-almera_responsive_portfolio_projectn/a
Product-almera_responsive_portfolion/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9256
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.05% / 60.24%
||
7 Day CHG-0.02%
Published-20 Feb, 2018 | 06:00
Updated-17 Sep, 2024 | 02:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default.

Action-Not Available
Vendor-datton/a
Product-alto_3_firmwarealto_imagedalto_xl_firmwaresiris_3_firmwaresiris_virtualsiris_3siris_3_x_all-flashsiris_2siris_3_x_all-flash_firmwarealto_2_firmwarealto_3siris_2_firmwarealto_imaged_firmwarealto_xlsiris_virtual_firmwarealto_2n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-20646
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.29% / 66.67%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 17:25
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of administrative credentials.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax40_firmwarerax40n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-20616
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 26.00%
||
7 Day CHG-0.01%
Published-24 Mar, 2020 | 19:31
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks a thumbnail of Private Mode content. The Samsung ID is SVE-2018-13563 (March 2019).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4538
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.87% / 54.41%
||
7 Day CHG~0.00%
Published-09 Mar, 2020 | 18:09
Updated-07 Aug, 2024 | 00:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings.

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-x736_firmwarew850_firmwarex546_firmwaree460_firmwarec543_firmwarex546x363x738_firmwarex364_firmwarex734x466t654_firmwarec540_firmwarex544_firmwaree260x736x864_firmwarec544x464_firmwarex466_firmwaret650_firmwarex651x543_firmwarec544_firmwarex544t654x656_firmwarec546c546_firmwaree460x656c736_firmwarex363_firmwaret652_firmwarex862_firmwaret650x864x658e360x862w850e360_firmwarec734x463_firmwarex654x860x860_firmwarex543x364c543x658_firmwaret652x738c736x463c734_firmwarex464x651_firmwarex652_firmwarex734_firmwaree462_firmwarex654_firmwaree260_firmwaree462c540x652n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4143
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.18% / 63.97%
||
7 Day CHG~0.00%
Published-27 Jan, 2012 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors.

Action-Not Available
Vendor-n/aRSA Security LLC
Product-envisionn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0389
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.91% / 77.28%
||
7 Day CHG~0.00%
Published-07 Jul, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-5847
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 17.23%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 05:00
Updated-24 Apr, 2026 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Movie Ticketing System SQL Database Backup File moviedb.sql information disclosure

A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-Movie Ticketing System
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2017-9492
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.58% / 72.53%
||
7 Day CHG~0.00%
Published-31 Jul, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not include the HTTPOnly flag in a Set-Cookie header for administration applications, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies.

Action-Not Available
Vendor-commscopen/aCisco Systems, Inc.
Product-dpc3941tdpc3939barris_tg1682g_firmwaredpc3939dpc3941t_firmwaredpc3939b_firmwaredpc3939_firmwarearris_tg1682gn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3787
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.23% / 65.23%
||
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

phpScheduleIt 1.2.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/schedule.template.php and certain other files.

Action-Not Available
Vendor-nick_korbeln/a
Product-phpscheduleitn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3757
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.37% / 68.64%
||
7 Day CHG~0.00%
Published-23 Sep, 2011 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moodle 2.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by webservice/xmlrpc/locallib.php and certain other files.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3752
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.33% / 67.71%
||
7 Day CHG~0.00%
Published-23 Sep, 2011 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LimeSurvey 1.90+ build9642-20101214 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/statistics.php and certain other files.

Action-Not Available
Vendor-limesurveyn/a
Product-limesurveyn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3820
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.23% / 65.24%
||
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WSN Software 6.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/prestart.php and certain other files.

Action-Not Available
Vendor-webmastersiten/a
Product-wsn_softwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3502
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-5.89% / 92.33%
||
7 Day CHG~0.00%
Published-16 Sep, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot).

Action-Not Available
Vendor-cogentdatahubn/a
Product-cogent_datahubn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9485
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.06% / 86.01%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 18:00
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThemeMakers Accio Responsive Parallax One Page Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Action-Not Available
Vendor-accio_responsive_onepage_parallax_site_template_projectn/a
Product-accio_responsive_onepage_parallax_site_templaten/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9169
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.93% / 56.14%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 14:00
Updated-16 Sep, 2024 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, buffer over-read in QSEE app may cause confidential information to be leaked.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_412sd_808_firmwaresd_400sd_415sd_616sd_615sd_650_firmwaresd_615_firmwaresd_210msm8909w_firmwaresd_650sd_808sd_800sd_410sd_617sd_400_firmwaresd_652sd_212_firmwaresd_800_firmwaresd_412_firmwaresd_810sd_410_firmwaresd_205sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_810_firmwaresd_616_firmwaresd_205_firmwaresd_212sd_617_firmwareSnapdragon Mobile, Snapdragon Wear
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9163
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.93% / 56.14%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 14:00
Updated-17 Sep, 2024 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a PlayReady function, information exposure can occur.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850sd_820asd_412sd_808_firmwaresd_400sd_415sd_616sd_425sd_430_firmwaresd_615mdm9650sd_650_firmwaresd_625sd_615_firmwaremsm8909w_firmwaresd_210sd_820_firmwaresd_820sd_650sd_808sd_450_firmwaresd_800sd_845_firmwaresd_410sd_617sd_400_firmwaresd_820a_firmwaremdm9206sd_652sd_425_firmwaresd_212_firmwaresd_800_firmwaresd_850_firmwaresd_625_firmwaresd_450sd_412_firmwaresd_845mdm9206_firmwaresd_430sd_810sd_835_firmwaremdm9650_firmwaresd_410_firmwaresd_835sd_205sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_810_firmwaresd_616_firmwaresd_205_firmwaresd_212sd_617_firmwareSnapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9481
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.06% / 86.01%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 17:57
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThemeMakers Diplomat | Political theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Action-Not Available
Vendor-diplomat_\|_political_projectn/a
Product-diplomat_\|_politicaln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9189
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.90% / 55.34%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 14:00
Updated-16 Sep, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 808, and SD 810, processing of TZ application command in tz_app_cmd_handler function could lead to potential content disclosure of secure memory.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9635m_firmwaresd_412sd_808_firmwaresd_400sd_415sd_616mdm9607_firmwaresd_615sd_615_firmwaremsm8909w_firmwaremdm9607sd_210mdm9625_firmwaresd_808sd_410sd_400_firmwareipq4019_firmwaremdm9206sd_212_firmwaresd_412_firmwaremdm9635mmdm9615mdm9625mdm9206_firmwareipq4019sd_810mdm9615_firmwaresd_410_firmwaresd_600_firmwaresd_205sd_210_firmwaresd_600sd_415_firmwaremsm8909wsd_810_firmwaresd_616_firmwaresd_205_firmwaresd_212Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0210
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.70% / 74.32%
||
7 Day CHG~0.00%
Published-08 Feb, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to a vulnerable server running to cause the server to disclose sensitive information in the HTTP response.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3011
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-72.26% / 99.36%
||
7 Day CHG~0.00%
Published-15 Aug, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors.

Action-Not Available
Vendor-n/aCA Technologies (Broadcom Inc.)
Product-arcserve_d2dn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9483
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.06% / 86.01%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 17:59
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThemeMakers Invento Responsive Gallery/Architecture Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Action-Not Available
Vendor-invento_\/_architecture_building_agency_template_projectn/a
Product-invento_\/_architecture_building_agency_templaten/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 56
  • 57
  • Next
Details not found