Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-1677

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-03 Apr, 2017 | 15:00
Updated At-06 Aug, 2024 | 09:50
Rejected At-
Credits

Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:03 Apr, 2017 | 15:00
Updated At:06 Aug, 2024 | 09:50
Rejected At:
▼CVE Numbering Authority (CNA)

Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://seclists.org/fulldisclosure/2016/Jul/67
mailing-list
x_refsource_FULLDISC
https://packetstormsecurity.com/files/125388
x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/91578
vdb-entry
x_refsource_XF
http://www.exploit-db.com/exploits/31894
exploit
x_refsource_EXPLOIT-DB
http://www.securityfocus.com/archive/1/538955/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://seclists.org/fulldisclosure/2016/Jul/67
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: https://packetstormsecurity.com/files/125388
Resource:
x_refsource_MISC
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/91578
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.exploit-db.com/exploits/31894
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://www.securityfocus.com/archive/1/538955/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://seclists.org/fulldisclosure/2016/Jul/67
mailing-list
x_refsource_FULLDISC
x_transferred
https://packetstormsecurity.com/files/125388
x_refsource_MISC
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/91578
vdb-entry
x_refsource_XF
x_transferred
http://www.exploit-db.com/exploits/31894
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://www.securityfocus.com/archive/1/538955/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2016/Jul/67
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: https://packetstormsecurity.com/files/125388
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/91578
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.exploit-db.com/exploits/31894
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/538955/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:03 Apr, 2017 | 15:59
Updated At:20 Apr, 2025 | 01:37

Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
technicolor
technicolor
>>tc7200_firmware>>std6.01.12
cpe:2.3:o:technicolor:tc7200_firmware:std6.01.12:*:*:*:*:*:*:*
technicolor
technicolor
>>tc7200>>-
cpe:2.3:h:technicolor:tc7200:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://seclists.org/fulldisclosure/2016/Jul/67cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
http://www.exploit-db.com/exploits/31894cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/538955/100/0/threadedcve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/91578cve@mitre.org
N/A
https://packetstormsecurity.com/files/125388cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2016/Jul/67af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
http://www.exploit-db.com/exploits/31894af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/538955/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/91578af854a3a-2127-422b-91ae-364da2661108
N/A
https://packetstormsecurity.com/files/125388af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://seclists.org/fulldisclosure/2016/Jul/67
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.exploit-db.com/exploits/31894
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/archive/1/538955/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/91578
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://packetstormsecurity.com/files/125388
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://seclists.org/fulldisclosure/2016/Jul/67
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.exploit-db.com/exploits/31894
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/archive/1/538955/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/91578
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://packetstormsecurity.com/files/125388
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

2769Records found
CVE-2018-20443
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 63.81%
||
7 Day CHG~0.00%
Published-25 Dec, 2018 | 15:00
Updated-16 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-tc7200.d1itc7200.d1i_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20442
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 63.81%
||
7 Day CHG~0.00%
Published-25 Dec, 2018 | 15:00
Updated-16 Sep, 2024 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-tc7110.b_firmwaretc7110.bn/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20438
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 63.81%
||
7 Day CHG~0.00%
Published-25 Dec, 2018 | 15:00
Updated-16 Sep, 2024 | 23:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-tc7110.artc7110.ar_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20394
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 69.72%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 21:00
Updated-17 Sep, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-twg870twg870_firmwaredwg855_firmwaredwg850-4_firmwaredwg855dwg850-4dwg849dwg849_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20381
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.63% / 69.32%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 21:00
Updated-16 Sep, 2024 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor DPC2320 dpc2300r2-v202r1244101-150420a-v6 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-dpc2320_firmwaredpc2320n/a
CVE-2018-20441
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 63.81%
||
7 Day CHG~0.00%
Published-25 Dec, 2018 | 15:00
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-tc7200.th2v2tc7200.th2v2_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20393
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.63% / 69.32%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 21:00
Updated-16 Sep, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC, DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a, TC7110.AR STD3.38.03, TC7110.B STC8.62.02, TC7110.D STDB.79.02, TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT, and TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-cga0101_firmwaretc7200.th2v2.d1i_firmwaretc7110.ardpc3928sltc7110.b_firmwaretc7110.dcga0101dpc3928sl_firmwaretc7110.d_firmwarecga0111tc7110.btc7200.th2v2.d1icga0111_firmwaretc7200.d1i_firmwaretc7110.ar_firmwaretc7200.d1in/a
CVE-2018-20439
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.13%
||
7 Day CHG~0.00%
Published-25 Dec, 2018 | 15:00
Updated-17 Sep, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-dpc3928sldpc3928sl_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20440
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 63.81%
||
7 Day CHG~0.00%
Published-25 Dec, 2018 | 15:00
Updated-17 Sep, 2024 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-cwa0101cwa0101_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20444
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.13%
||
7 Day CHG~0.00%
Published-25 Dec, 2018 | 15:00
Updated-16 Sep, 2024 | 21:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-cga0111_firmwarecga0111n/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-11449
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.40%
||
7 Day CHG~0.00%
Published-01 Apr, 2020 | 14:17
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Technicolor TC7337 8.89.17 devices. An attacker can discover admin credentials in the backup file, aka backupsettings.conf.

Action-Not Available
Vendor-technicolorn/a
Product-tc7337tc7337_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-10376
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.22% / 45.08%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 13:35
Updated-04 Aug, 2024 | 10:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header.

Action-Not Available
Vendor-technicolorn/a
Product-tc7337net_firmwaretc7337netn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2024-3780
Matching Score-6
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-6
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.55%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 11:20
Updated-03 Sep, 2024 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information exposure vulnerability on Technicolor CGA2121

A vulnerability of Information Exposure has been found on Technicolor CGA2121 affecting the version 1.01, this vulnerability allows a local attacker to obtain sensitive information stored on the device such as wifi network's SSID and their respective passwords.

Action-Not Available
Vendor-Technicolortechnicolor
Product-CGA2121cga2121
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4748
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.23% / 45.75%
||
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/ajax/core/ajax.inc.js and certain other files.

Action-Not Available
Vendor-n/aParallels International GmbhRed Hat, Inc.
Product-enterprise_linuxparallels_plesk_paneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1787
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.38% / 58.31%
||
7 Day CHG~0.00%
Published-24 Mar, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3728
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.24%
||
7 Day CHG~0.00%
Published-23 Sep, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files.

Action-Not Available
Vendor-boonexn/a
Product-dolphinn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1910
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-8.82% / 92.17%
||
7 Day CHG~0.00%
Published-15 Jan, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290.

Action-Not Available
Vendor-n/aSAP SE
Product-netweavern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3705
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.24%
||
7 Day CHG~0.00%
Published-23 Sep, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arctic Fox CMS 0.9.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by acp/includes/edit.inc.php and certain other files.

Action-Not Available
Vendor-michael_armbrustern/a
Product-arctic_fox_cmsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3806
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.24%
||
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php and certain other files.

Action-Not Available
Vendor-tecnickn/a
Product-tcexamn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2055
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-68.00% / 98.53%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command.

Action-Not Available
Vendor-xymonn/aDebian GNU/Linux
Product-debian_linuxxymonn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3796
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.24%
||
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by product-sort.php and certain other files.

Action-Not Available
Vendor-n/aPrestaShop S.A
Product-prestashopn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-2859
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.25% / 48.19%
||
7 Day CHG~0.00%
Published-23 Jul, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message.

Action-Not Available
Vendor-boesch-itn/a
Product-simpnewsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3757
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.26% / 49.12%
||
7 Day CHG~0.00%
Published-23 Sep, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moodle 2.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by webservice/xmlrpc/locallib.php and certain other files.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-2758
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.72% / 71.61%
||
7 Day CHG~0.00%
Published-13 Aug, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bugzillan/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1864
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.55% / 66.94%
||
7 Day CHG-0.04%
Published-19 Jun, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.

Action-Not Available
Vendor-n/aApple Inc.
Product-safariiphone_osn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3788
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.24%
||
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PhpSecInfo 0.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Test/Test_Suhosin.php and certain other files.

Action-Not Available
Vendor-phpsecn/a
Product-phpsecinfon/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3750
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.24%
||
7 Day CHG~0.00%
Published-23 Sep, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

kPlaylist 1.8.502 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by getid3/getid3/write.id3v1.php and certain other files.

Action-Not Available
Vendor-kplaylistn/a
Product-kplaylistn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3762
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.32% / 54.32%
||
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenBlog 1.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files.

Action-Not Available
Vendor-open-blogn/a
Product-openblogn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3717
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.24%
||
7 Day CHG~0.00%
Published-23 Sep, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ClipBucket 2.0.9 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/signup_captcha/signup_captcha.php and certain other files.

Action-Not Available
Vendor-clip-bucketn/a
Product-clipbucketn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4759
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.23% / 45.75%
||
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Parallels Plesk Small Business Panel 10.2.0 generates web pages containing external links in response to GET requests with query strings for client@1/domain@1/hosting/file-manager/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.

Action-Not Available
Vendor-n/aParallels International Gmbh
Product-parallels_plesk_small_business_paneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2002-0596
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.71% / 71.23%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebTrends Reporting Center 4.0d allows remote attackers to determine the real path of the web server via a GET request to get_od_toc.pl with an empty Profile parameter, which leaks the pathname in an error message.

Action-Not Available
Vendor-webtrendsn/a
Product-reporting_centern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4538
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.95%
||
7 Day CHG~0.00%
Published-09 Mar, 2020 | 18:09
Updated-07 Aug, 2024 | 00:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings.

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-x736_firmwarew850_firmwarex546_firmwaree460_firmwarec543_firmwarex546x363x738_firmwarex364_firmwarex734x466t654_firmwarec540_firmwarex544_firmwaree260x736x864_firmwarec544x464_firmwarex466_firmwaret650_firmwarex651x543_firmwarec544_firmwarex544t654x656_firmwarec546c546_firmwaree460x656c736_firmwarex363_firmwaret652_firmwarex862_firmwaret650x864x658e360x862w850e360_firmwarec734x463_firmwarex654x860x860_firmwarex543x364c543x658_firmwaret652x738c736x463c734_firmwarex464x651_firmwarex652_firmwarex734_firmwaree462_firmwarex654_firmwaree260_firmwaree462c540x652n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-9852
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.46% / 63.17%
||
7 Day CHG~0.00%
Published-08 Apr, 2018 | 02:00
Updated-16 Sep, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23.

Action-Not Available
Vendor-gxlcmsn/a
Product-gxlcms_qyn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3823
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.24%
||
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Yamamah 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/index.php and certain other files.

Action-Not Available
Vendor-yamamahn/a
Product-yamamahn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3826
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.24%
||
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zikula 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/voodoodolly/version.php and certain other files.

Action-Not Available
Vendor-zikulan/a
Product-zikulan/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3784
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.24%
||
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files.

Action-Not Available
Vendor-phpnuken/a
Product-php-nuken/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-9922
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.95%
||
7 Day CHG~0.00%
Published-10 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a core/library/weixin.class.php pathname.

Action-Not Available
Vendor-icmsdevn/a
Product-icmsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-3062
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.79% / 72.86%
||
7 Day CHG~0.00%
Published-20 Aug, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3805
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.24%
||
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TaskFreak! multi-mysql-0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/language/zh/register_info.php and certain other files.

Action-Not Available
Vendor-taskfreakn/a
Product-taskfreak\!_multi-mysqln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-0338
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.05%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 13:49
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure.

Action-Not Available
Vendor-SAP SE
Product-gatewaySAP Gateway
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3738
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.24%
||
7 Day CHG~0.00%
Published-23 Sep, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files.

Action-Not Available
Vendor-fengofficen/a
Product-feng_officen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3749
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.24%
||
7 Day CHG~0.00%
Published-23 Sep, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ka-Map 1.0-20070205 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test.php and certain other files.

Action-Not Available
Vendor-maptoolsn/a
Product-ka-mapn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3816
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.26% / 49.12%
||
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WEBinsta mailing list manager 1.3e allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/install3.php and certain other files.

Action-Not Available
Vendor-webinstan/a
Product-mailing_list_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3703
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.24%
||
7 Day CHG~0.00%
Published-23 Sep, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AneCMS 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/menu/index.php and certain other files.

Action-Not Available
Vendor-anecmsn/a
Product-anecmsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4279
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.24%
||
7 Day CHG~0.00%
Published-16 Jul, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setting for course-profiles access control, which makes it easier for remote attackers to obtain potentially sensitive information via vectors involving use of a search engine, as demonstrated by the search functionality of Google, Yahoo!, Wrensoft Zoom, MSN, Yandex, and AltaVista.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3755
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.36% / 57.20%
||
7 Day CHG~0.00%
Published-23 Sep, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MantisBT 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by view_all_inc.php and certain other files.

Action-Not Available
Vendor-n/aMantis Bug Tracker (MantisBT)
Product-mantisbtn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3783
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.24%
||
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files.

Action-Not Available
Vendor-n/aThorsten Rinne (phpMyFAQ)
Product-phpmyfaqn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-5638
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-1.27% / 78.64%
||
7 Day CHG~0.00%
Published-24 Jul, 2018 | 15:00
Updated-06 Aug, 2024 | 01:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877 reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text

There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access genie_ping.htm or genie_ping2.htm or genie_ping3.htm page without authentication. Once accessed, the page will be redirected to the aCongratulations2.htma page, which reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-wndr4500_firmwarewndr4500WNDR4500
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3778
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.32% / 54.32%
||
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PhpGedView 4.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by serviceClientTest.php and certain other files.

Action-Not Available
Vendor-phpgedviewn/a
Product-phpgedviewn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3774
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.32% / 54.32%
||
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

php Easy Survey Package (phpESP) 2.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/landing.php and certain other files.

Action-Not Available
Vendor-bishop_bettinin/a
Product-phpespn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 55
  • 56
  • Next
Details not found