Search Results (10832 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-6164 1 Ibm 1 Websphere Application Server 2025-04-12 N/A
IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4 allows remote attackers to spoof OpenID and OpenID Connect cookies, and consequently obtain sensitive information, via a crafted URL.
CVE-2014-6190 1 Ibm 1 Workload Deployer 2025-04-12 N/A
The log viewer in IBM Workload Deployer 3.1 before 3.1.0.7 allows remote attackers to obtain sensitive information via a direct request for the URL of a log document.
CVE-2014-6229 1 Facebook 1 Hiphop Virtual Machine 2025-04-12 N/A
The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '\0' character.
CVE-2014-7992 1 Cisco 1 Ios 2025-04-12 N/A
The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.
CVE-2014-8007 1 Cisco 1 Prime Infrastructure 2025-04-12 N/A
Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019.
CVE-2014-8035 1 Cisco 1 Webex Meetings Server 2025-04-12 N/A
The web framework in Cisco WebEx Meetings Server produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCuj40247.
CVE-2016-4521 1 Sixnet 4 Bt-5 Series Cellular Router, Bt-5 Series Cellular Router Firmware, Bt-6 Series Cellular Router and 1 more 2025-04-12 N/A
Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors.
CVE-2014-8105 2 Fedoraproject, Redhat 3 389 Directory Server, Fedora, Enterprise Linux 2025-04-12 N/A
389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.
CVE-2014-8112 2 Fedoraproject, Redhat 3 389 Directory Server, Fedora, Enterprise Linux 2025-04-12 N/A
389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog.
CVE-2014-8122 1 Redhat 7 Jboss Bpms, Jboss Brms, Jboss Data Grid and 4 more 2025-04-12 N/A
Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state.
CVE-2015-3058 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2025-04-12 N/A
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors.
CVE-2014-9025 1 Commerceguys 1 Commerce 2025-04-12 N/A
The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2014-9044 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack.
CVE-2016-1193 1 Cybozu 1 Garoon 2025-04-12 N/A
Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.
CVE-2014-9156 1 Filefield Project 1 Filefield 2025-04-12 N/A
The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file.
CVE-2016-8672 1 Siemens 8 Simatic Cp 343-1, Simatic Cp 343-1 Firmware, Simatic Cp 443-1 and 5 more 2025-04-12 N/A
A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server delivers cookies without the "secure" flag. Modern browsers interpreting the flag would mitigate potential data leakage in case of clear text transmission.
CVE-2014-9247 1 Zenoss 1 Zenoss Core 2025-04-12 N/A
Zenoss Core through 5 Beta 3 allows remote authenticated users to obtain sensitive (1) user account, (2) e-mail address, and (3) role information by visiting the ZenUsers (aka User Manager) page, aka ZEN-15389.
CVE-2014-9250 1 Zenoss 1 Zenoss Core 2025-04-12 N/A
Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via script access to this cookie, aka ZEN-10418.
CVE-2014-9252 1 Zenoss 1 Zenoss Core 2025-04-12 N/A
Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow local users to obtain sensitive information by reading database entries, aka ZEN-15416.
CVE-2014-9303 1 Entrypass 1 N5200 Active Network Control Panel 2025-04-12 N/A
EntryPass N5200 Active Network Control Panel allows remote attackers to read device memory and obtain the administrator username and password via a URL starting with an ASCII character o through z or A through D, different vectors than CVE-2014-8868.