Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-05 | CVE-2018-9185 | Information Exposure vulnerability in Fortinet Fortios An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature. | 8.1 |
| 2018-07-03 | CVE-2018-13123 | Information Exposure vulnerability in Onefilecms onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to read arbitrary files via the i and f parameters, as demonstrated by ?i=etc/&f=passwd&p=raw_view for the /etc/passwd file. | 9.8 |
| 2018-07-03 | CVE-2018-7776 | Information Exposure vulnerability in Schneider-Electric U.Motion Builder 1.2.1 The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. | 4.3 |
| 2018-07-03 | CVE-2018-10596 | Information Exposure vulnerability in Medtronic 2090 Carelink Programmer Firmware Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. | 8.0 |
| 2018-07-02 | CVE-2018-12892 | Information Exposure vulnerability in multiple products An issue was discovered in Xen 4.7 through 4.10.x. | 9.9 |
| 2018-06-30 | CVE-2018-12990 | Information Exposure vulnerability in PHPwcms 1.8.9 phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field. | 5.3 |
| 2018-06-29 | CVE-2018-12997 | Information Exposure vulnerability in Zohocorp products Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring. | 7.5 |
| 2018-06-28 | CVE-2018-12927 | Information Exposure vulnerability in Northernnep Northern Electric & Power Inverter Firmware Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI. | 7.5 |
| 2018-06-28 | CVE-2018-12926 | Information Exposure vulnerability in Pharoscontrols Pharos Firmware Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a direct request for the default/index.lsp or default/log.lsp URI. | 7.5 |
| 2018-06-28 | CVE-2018-12923 | Information Exposure vulnerability in Bwssystems HA Bridge BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information via a direct request for the #!/system URI. | 7.5 |