Vulnerabilities > Information Exposure
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-12-18 | CVE-2017-15700 | Information Exposure vulnerability in Apache Sling Authentication Service 1.4.0: A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials. | 8.8 |
2017-12-18 | CVE-2017-17735 | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple: CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. | 9.8 |
2017-12-18 | CVE-2017-17734 | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple: CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. | 9.8 |
2017-12-16 | CVE-2017-3194 | Information Exposure vulnerability in Pandora: Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. | 8.1 |
2017-12-16 | CVE-2017-3185 | Information Exposure vulnerability in Acti Camera Firmware A1D500V6.11.31Ac: ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources. | 9.8 |
2017-12-15 | CVE-2017-14184 | Information Exposure vulnerability in Fortinet Forticlient: An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations. | 8.8 |
2017-12-15 | CVE-2017-17556 | Information Exposure vulnerability in HP Synaptics Touchpad Driver: A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys. | 5.1 |
2017-12-15 | CVE-2017-16787 | Information Exposure vulnerability in Meinbergglobal Lantime Firmware: The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access. | 6.5 |
2017-12-15 | CVE-2017-17696 | Information Exposure vulnerability in Techno - Portfolio Management Panel Project Techno - Portfolio Management Panel 1.0/20171116: Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php. | 4.3 |
2017-12-14 | CVE-2017-16355 | Information Exposure vulnerability in multiple products: In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml. | 4.7 |