Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-28 | CVE-2018-12927 | Information Exposure vulnerability in Northernnep Northern Electric & Power Inverter Firmware Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI. | 7.5 |
| 2018-06-28 | CVE-2018-12926 | Information Exposure vulnerability in Pharoscontrols Pharos Firmware Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a direct request for the default/index.lsp or default/log.lsp URI. | 7.5 |
| 2018-06-28 | CVE-2018-12923 | Information Exposure vulnerability in Bwssystems HA Bridge BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information via a direct request for the #!/system URI. | 7.5 |
| 2018-06-28 | CVE-2018-12921 | Information Exposure vulnerability in Electroind Gaugetech Nexus Firmware Electro Industries GaugeTech Nexus devices allow remote attackers to obtain potentially sensitive information via a direct request for the meter_information.htm, diag_system.htm, or diag_dnp_lan_wan.htm URI. | 7.5 |
| 2018-06-28 | CVE-2018-12920 | Information Exposure vulnerability in Flir Brickstream 2300 Firmware Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI. | 7.5 |
| 2018-06-27 | CVE-2018-1553 | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. | 7.5 |
| 2018-06-27 | CVE-2018-1306 | Information Exposure vulnerability in Apache Pluto 3.0.0 The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. | 7.5 |
| 2018-06-27 | CVE-2018-5436 | Information Exposure vulnerability in Tibco products The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. | 8.8 |
| 2018-06-27 | CVE-2018-12908 | Information Exposure vulnerability in Brynamics Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for the /dashboard/deposit URI, as demonstrated by discovering database credentials. | 9.8 |
| 2018-06-27 | CVE-2018-12907 | Information Exposure vulnerability in Rclone 1.42 In Rclone 1.42, use of "rclone sync" to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL's content to Google, because there is no validation of a URL field received from the Google Cloud Storage API server, aka a "RESTLESS" issue. | 7.5 |