Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-30 | CVE-2018-20607 | Information Exposure vulnerability in Txjia Imcat 4.4 imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI. | 5.3 |
| 2018-12-30 | CVE-2018-20606 | Information Exposure vulnerability in Txjia Imcat 4.4 imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI. | 7.5 |
| 2018-12-30 | CVE-2018-20602 | Information Exposure vulnerability in Lfdycms LEI Feng TV CMS 3.8.6 Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI. | 7.5 |
| 2018-12-28 | CVE-2018-14986 | Information Exposure vulnerability in Leagoo Z5C Firmware The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of com.android.messaging (versionCode=1000110, versionName=1.0.001, (android.20170630.092853-0)) containing an exported content provider named com.android.messaging.datamodel.MessagingContentProvider. | 7.5 |
| 2018-12-28 | CVE-2018-14984 | Information Exposure vulnerability in Leagoo Z5C Firmware The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of com.android.messaging (versionCode=1000110, versionName=1.0.001, (android.20170630.092853-0)) with an exported broadcast receiver app component named com.android.messaging.trackersender.TrackerSender. | 7.5 |
| 2018-12-28 | CVE-2018-14979 | Information Exposure vulnerability in Asus Zenfone 3 MAX Firmware 7.0.0.55 The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed app with a package name of com.asus.loguploader (versionCode=1570000275, versionName=7.0.0.55_170515). | 4.7 |
| 2018-12-28 | CVE-2018-20571 | Information Exposure vulnerability in Damicms 6.0.1 DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file. | 7.5 |
| 2018-12-27 | CVE-2018-20511 | Information Exposure vulnerability in multiple products An issue was discovered in the Linux kernel before 4.18.11. | 5.5 |
| 2018-12-26 | CVE-2018-11741 | Information Exposure vulnerability in NEC Univerge Sv9100 Webpro Firmware 6.00.00 NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs. | 9.8 |
| 2018-12-26 | CVE-2018-20483 | Information Exposure vulnerability in GNU Wget set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. | 7.8 |