| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page. |
| HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information |
| Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs. |
| Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results |
| Moodle before 2.2.2: Overview report allows users to see hidden courses |
| Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export |
| Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to |
| An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner. |
| JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed. |
| A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to information disclosure. It is possible to launch the attack remotely. Upgrading to version 1.1 is able to address this issue. The patch is identified as e648a8706818297cf02a665ae0bae1c069dea5f1. It is recommended to upgrade the affected component. VDB-242190 is the identifier assigned to this vulnerability. |
| Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar. |
| uzbl: Information disclosure via world-readable cookies storage file |
| surf: cookie jar has read access from other local user |
| The install-chef-suse.sh script shipped with crowbar before 2012-10-02 is creating files containing confidential data with insecure permissions, allowing local users to read confidential data. |
| mediawiki allows deleted text to be exposed |
| mIRC prior to 7.22 has a message leak because chopping of outbound messages is mishandled. |
| hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request. |
| Joomla! 1.7.1 has core information disclosure due to inadequate error checking. |
| mpack 1.6 has information disclosure via eavesdropping on mails sent by other users |
| In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat. |
