CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
90 vulnerabilities with CWE-538
CVE-2019-12623
MEDIUM
Cisco Enterprise NFVIS < 3.12.1 - Authenticated File Enumeration via Web Server Error Codes
CVSS 4.3
CVE-2019-10320
MEDIUM
Jenkins Credentials Plugin <2.1.18 - Info Disclosure
CVSS 4.3
CVE-2018-20932
LOW
cPanel 61.9999.55-62.0.42 - Sensitive Information Exposure via Apache HTTP Server Logs
CVSS 2.7
CVE-2018-11798
MEDIUM
Apache Thrift Node.js <0.11.0 - Path Traversal
CVSS 6.5
CVE-2018-16970
MEDIUM
Wisetail Learning Ecosystem < 4.11.6 - Insecure Direct Object Reference via Course File ID Parameter
CVSS 4.3
CVE-2018-10590
HIGH
Advantech WebAccess <8.3.1 - Info Disclosure
CVSS 7.5
CVE-2018-4847
MEDIUM
SIMATIC WinCC OA Operator iOS App < V1.4 - Info Disclosure
CVSS 4.6
CVE-2017-5387
LOW
Firefox < 51.0 - Local File Existence Disclosure via Track Tag Error Handling
CVSS 3.3
CVE-2017-16770
MEDIUM
Synology Surveillance Station <8.1.2-5469 - Info Disclosure
CVSS 6.5
CVE-2017-9947
MEDIUM
Siemens APOGEE PXC and TALON TC BACnet Automation Controllers <V3.5 - Path Traversal via Web Server
CVSS 5.3
CVE-2016-20024
CRITICAL
ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation
CVSS 9.8
CVE-2016-15056
HIGH
Ubee EVW3226 <1.0.20 - Info Disclosure
CVE-2016-10399
HIGH
Sendio < 8.2.0 - Unauthenticated Local File Inclusion via Crafted URL
CVSS 7.5
CVE-2014-0772
Advantech WebAccess < 7.1 - Exposure of Sensitive Information via OpenUrlToBufferTimeout Method
CVE-2014-0771
Advantech WebAccess < 7.1 - Exposure of Sensitive Information via OpenUrlToBuffer Method
Details
Vulnerabilities
90