Vulnerabilities > Information Exposure

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-12-20 | CVE-2017-6094 | Information Exposure vulnerability in Genexis Gaps | CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. | network | low complexity | genexis | CWE-200 | critical 9.8 |
| 2017-12-20 | CVE-2017-1596 | Information Exposure vulnerability in IBM Security Guardium | IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. | local | low complexity | ibm | CWE-200 | 5.5 |
| 2017-12-20 | CVE-2017-1595 | Information Exposure vulnerability in IBM Security Guardium | IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. | local | low complexity | ibm | CWE-200 | 5.5 |
| 2017-12-20 | CVE-2017-1423 | Information Exposure vulnerability in IBM Websphere Portal 8.5.0.0/9.0.0.0 | IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. | network | low complexity | ibm | CWE-200 | 5.3 |
| 2017-12-20 | CVE-2017-1261 | Information Exposure vulnerability in IBM Security Guardium | IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. | local | low complexity | ibm | CWE-200 | 3.3 |
| 2017-12-20 | CVE-2017-1257 | Information Exposure vulnerability in IBM Security Guardium | IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. | network | low complexity | ibm | CWE-200 | 4.3 |
| 2017-12-20 | CVE-2017-17476 | Information Exposure vulnerability in multiple products | Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email. | network | low complexity | otrs, debian | CWE-200 | 8.8 |
| 2017-12-20 | CVE-2017-17793 | Information Exposure vulnerability in Blogotext Project Blogotext | Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an 8.3 filename). | network | low complexity | blogotext-project | CWE-200 | 7.5 |
| 2017-12-20 | CVE-2017-17776 | Information Exposure vulnerability in Paid to Read Script Project Paid to Read Script 2.0.5 | Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter. | network | low complexity | paid-to-read-script-project | CWE-200 | 5.3 |
| 2017-12-19 | CVE-2017-16786 | Information Exposure vulnerability in Meinbergglobal Lantime Firmware | The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality. | network | low complexity | meinbergglobal | CWE-200 | 6.5 |