Vulnerabilities (CVE)

CWE filter

CWE-538

Filter

8 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-12623 2019-08-29 4.0
A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The...
CVE-2018-20932 1 Cpanel 1 Cpanel 2019-08-12 4.0
cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).
CVE-2018-11798 1 Apache 1 Thrift 2019-06-19 4.0
The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.
CVE-2019-10320 1 Jenkins 1 Credentials 2019-06-11 4.0
Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files...
CVE-2018-16970 1 Wisetail 1 Learning Management System 2018-11-21 4.0
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter.
CVE-2017-5387 1 Mozilla 1 Firefox 2018-08-07 2.1
The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "<track>" tag refers to a file that does not exist if the source page is loaded locally. This...
CVE-2018-10590 1 Advantech 3 Webaccess, Webaccess%2fnms, Webaccess Dashboard 2018-06-15 5.0
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information...
CVE-2016-10399 1 Sendio 1 Sendio 2017-08-07 5.0
Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted URL.