Which option is a list of publicly disclosed information security defects?
Date posted: 04/01/2023
Replies: 0
Views: 103
Vulnerability Name | CVE | CWE | Severity
.htaccess file readable | - | CWE-443 | Medium
Access database found | - | CWE-538 | Medium
Adminer 4.6.2 file disclosure vulnerability | - | CWE-22 | High
Adobe ColdFusion directory traversal | CVE-2013-3336 | CWE-22 | High
Amazon S3 public bucket | - | CWE-264 | Medium
Amazon S3 publicly writable bucket | - | CWE-264 | High
Apache 2.x version older than 2.0.48 | CVE-2003-0542 CVE-2003-0789 | CWE-119 | Medium
Apache Axis2 administration console weak password | - | CWE-200 | High
Apache Axis2 information disclosure | - | CWE-200 | Medium
Apache Axis2 web services enumeration | - | CWE-200 | Low
Apache balancer-manager application publicly accessible | - | CWE-200 | Medium
Apache httpOnly cookie disclosure | CVE-2012-0053 | CWE-264 | Medium
Apache mod_negotiation filename bruteforcing | - | CWE-538 | Low
Apache perl-status enabled | - | CWE-200 | Medium
Apache server-info enabled | - | CWE-200 | Medium
Apache server-status enabled | - | CWE-200 | Medium
Apache Solr endpoint | - | CWE-200 | Low
Apache solr service exposed | - | CWE-200 | High
Apache stronghold-info enabled | - | CWE-200 | Low
Apache stronghold-status enabled | - | CWE-200 | Low
Apache Tomcat examples directory vulnerabilities | - | CWE-264 | Medium
Apache Tomcat Information Disclosure CVE-2017-7674 | CVE-2017-12616 | CWE-200 | High
Apache Tomcat version older than 4.1.37 | CVE-2005-3164 CVE-2007-1355 CVE-2007-2449 CVE-2007-2450 CVE-2007-3382 CVE-2007-3383 CVE-2007-3385 CVE-2007-5333 CVE-2007-5461 | CWE-79 | Medium
Apache Tomcat version older than 6.0.11 | CVE-2005-2090 CVE-2007-1355 | CWE-79 | Medium
Apache Tomcat version older than 6.0.35 | CVE-2011-3190 CVE-2011-3375 CVE-2012-0022 | CWE-264 | High
Apache Tomcat version older than 7.0.21 | CVE-2011-3190 | CWE-264 | High
apc.php page found | - | CWE-538 | Medium
Application error messages | - | CWE-209 | Medium
Arbitrary file existence disclosure in Action Pack | CVE-2014-7829 | CWE-200 | Medium
ASP.NET application trace enabled | - | CWE-215 | Medium
ASP.NET custom errors disabled | - | CWE-12 | Medium
ASP.NET debugging enabled | - | CWE-11 | Low
ASP.NET diagnostic page | - | CWE-200 | Medium
ASP.NET error message | - | CWE-12 | Medium
ASP.NET MVC version disclosure | - | CWE-200 | Low
ASP.NET path disclosure | - | CWE-200 | Low
ASP.NET version disclosure | - | CWE-200 | Low
Atlassian Confluence Access Restriction Bypass | CVE-2017-9505 | - | Medium
Atlassian Confluence information disclosure | CVE-2017-7415 | - | High
Atlassian Confluence Stored Cross Site Scripting | CVE-2016-6283 | - | Medium
Atlassian Jira Manage Filters information disclosure | - | CWE-200 | Low
AWStats script | - | CWE-538 | Medium
Backup files | - | CWE-538 | Medium
Bazaar repository found | - | CWE-538 | High
Chrome Logger information disclosure | - | CWE-200 | Medium
ColdFusion path disclosures | - | CWE-200 | Low
ColdFusion Request Debugging information disclosure | - | CWE-200 | Medium
ColdFusion Robust Exception enabled | - | CWE-200 | Medium
Configuration file disclosure | - | CWE-538 | High
Configuration file source code disclosure | - | CWE-538 | High
Core dump checker PHP script | - | CWE-200 | Medium
Core dump file | - | CWE-200 | High
Credit card number disclosed | - | CWE-200 | Medium
CVS web repository | - | CWE-527 | High
Database connection string disclosure | - | CWE-200 | Medium
Development configuration files | - | CWE-538 | Medium
Devise weak password | - | CWE-200 | High
Directory listings | - | CWE-538 | Medium
Django debug mode enabled | - | CWE-200 | Medium
Documentation files | - | CWE-538 | Low
Dotenv .env file | - | CWE-538 | High
Drupal 7 arbitrary PHP code execution and information disclosure | CVE-2012-4553 CVE-2012-4554 | CWE-264 | High
Drupal Backup Migrate directory publicly accessible | - | CWE-538 | High
Drupal Core 5.x Information Disclosure (5.0 - 5.18) | CVE-2009-2374 | CWE-200 | High
Drupal Core 6.x Information Disclosure (6.0 - 6.30) | CVE-2014-2983 | CWE-200 | High
Drupal Core 7.x Information Disclosure (7.0 - 7.14) | CVE-2012-2922 | CWE-200 | High
Drupal Core 7.x Information Disclosure (7.0 - 7.26) | CVE-2014-2983 | CWE-200 | High
Drupal Core 8.8.x Information Disclosure (8.8.0 - 8.8.9) | CVE-2020-13670 | CWE-200 | High
Drupal Core 8.9.x Information Disclosure (8.9.0 - 8.9.5) | CVE-2020-13670 | CWE-200 | High
Drupal Core 8.x.x Information Disclosure (8.0.0 - 8.7.14) | CVE-2020-13670 | CWE-200 | High
Drupal Core 9.0.x Information Disclosure (9.0.0 - 9.0.5) | CVE-2020-13670 | CWE-200 | High
Drupal Views module information disclosure vulnerability | - | CWE-200 | Medium
Elasticsearch service accessible | - | CWE-200 | High
elmah.axd information disclosure | - | CWE-209 | Medium
Email addresses | - | CWE-200 | Informational
Error messages | - | CWE-209 | Medium
Error page path disclosure | - | CWE-200 | Low
Error page web server version disclosure | - | CWE-200 | Informational
File Content Disclosure in Action View | CVE-2019-5418 | CWE-200 | High
Folder backup | - | CWE-538 | Medium
Frontpage authors.pwd available | - | CWE-538 | Medium
Frontpage extensions enabled | - | CWE-16 | Medium
Full public read access Azure blob storage | - | CWE-264 | Medium
Git repository found | - | CWE-527 | High
GlassFish admin console weak credentials | - | CWE-693 | High
Global.asa backup file found | - | CWE-538 | Medium
Golang runtime profiling data | - | CWE-200 | Medium
HTML Form found in redirect page | - | CWE-287 | Low
IBM Web Content Manager XPath injection | CVE-2013-6735 | CWE-264 | High
IBM WebSphere/WebLogic application source file exposure | - | CWE-200 | High
IBM WebSphere administration console weak password | - | CWE-200 | High
Insecure transition from HTTPS to HTTP in form post | - | CWE-200 | Low
Insecure transition from HTTP to HTTPS in form post | - | CWE-200 | Medium
Internal IP address disclosure | - | CWE-200 | Informational
Internet Information Server returns IP address in HTTP header (Content-Location) | - | CWE-200 | Low
JBoss BSHDeployer MBean | - | CWE-200 | High
JBoss HttpAdaptor JMXInvokerServlet | - | CWE-94 | High
JBoss JMX Console Unrestricted Access | - | CWE-200 | High
JBoss JMX management console | - | CWE-200 | High
JBoss Seam remoting vulnerabilities | CVE-2013-6447 CVE-2013-6448 | CWE-611 | High
JBoss ServerInfo MBean | CVE-2010-0738 | CWE-200 | High
JBoss Server MBean | - | CWE-200 | High
JBoss status servlet information leak | CVE-2010-1429 | CWE-200 | Medium
JBoss Web Console JMX Invoker | - | CWE-200 | High
JBoss web service console | - | CWE-200 | Low
Jenkins dashboard | - | CWE-200 | Medium
Jenkins user enumeration | - | CWE-200 | Low
Jenkins weak password | - | CWE-200 | High
JetBrains .idea project directory | - | CWE-538 | Medium
JetLeak vulnerability | CVE-2015-2080 | CWE-200 | High
Joe Editor DEADJOE file | - | CWE-538 | Low
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.11) | CVE-2011-4911 | CWE-200 | High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.12) | - | CWE-200 | High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.14) | - | CWE-200 | High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.15) | CVE-2010-1432 | CWE-200 | High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.23) | CVE-2011-3629 | CWE-200 | High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.25) | CVE-2012-1599 | CWE-264 | High
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.3) | - | CWE-200 | High
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6) | CVE-2012-0821 | CWE-200 | High
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6) | CVE-2012-0819 | CWE-200 | High
Joomla! Core 1.7.0 Information Disclosure (1.7.0 - 1.7.0) | - | CWE-200 | High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1) | CVE-2011-4937 | CWE-200 | High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1) | CVE-2011-3629 | CWE-200 | High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3) | CVE-2012-0819 | CWE-200 | High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3) | CVE-2012-0821 | CWE-200 | High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4) | CVE-2012-0837 | CWE-200 | High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4) | CVE-2012-0835 | CWE-200 | High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4) | CVE-2012-0836 | CWE-200 | High
Joomla! Core 2.5.0 Information Disclosure (2.5.0 - 2.5.0) | CVE-2012-0835 | CWE-200 | High
Joomla! Core 2.5.0 Information Disclosure (2.5.0 - 2.5.0) | CVE-2012-0837 | CWE-200 | High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.3) | CVE-2012-1611 | CWE-200 | High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.4) | CVE-2012-2748 | CWE-200 | High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.8) | CVE-2013-1453 | CWE-200 | High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.9) | CVE-2013-3057 | CWE-200 | High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2) | CVE-2013-1454 | CWE-200 | High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2) | CVE-2013-1453 | CWE-200 | High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2) | CVE-2013-1455 | CWE-200 | High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.3) | CVE-2013-3057 | CWE-200 | High
Joomla! Core 3.7.x Information Disclosure (3.7.0 - 3.7.5) | CVE-2017-14595 | CWE-200 | High
Joomla! Core 3.9.x Information Disclosure (3.9.0 - 3.9.22) | CVE-2020-35614 | CWE-200 | High
Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.8.7) | CVE-2018-11325 | CWE-200 | High
Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.9.19) | CVE-2020-15698 | CWE-200 | High
Joomla! Core 3.x.x Information Disclosure (3.1.0 - 3.8.7) | CVE-2018-11327 | CWE-200 | High
Joomla! Core 3.x.x Information Disclosure (3.4.0 - 3.6.5) | CVE-2017-8057 | CWE-200 | High
Joomla! Core 3.x.x Information Disclosure (3.6.0 - 3.9.12) | CVE-2019-18674 | CWE-200 | High
Joomla! Core 3.x.x Information Disclosure (3.7.0 - 3.8.1) | CVE-2017-16633 | CWE-200 | High
Joomla! Core 3.x.x Information Disclosure (3.8.0 - 3.9.13) | CVE-2019-19845 | CWE-200 | High
Joomla! Core Information Disclosure (1.5.0 - 3.7.5) | CVE-2017-14596 | CWE-200 | High
Joomla! Core Information Disclosure (1.5.0 - 3.8.1) | CVE-2017-14596 | CWE-200 | High
Joomla! Core Information Disclosure (2.5.0 - 3.9.22) | CVE-2020-35611 | CWE-200 | High
Joomla! Core Information Disclosure (2.5.0 - 3.9.22) | CVE-2020-35610 | CWE-200 | High
JSONP enabled by default in MappingJackson2JsonView | CVE-2018-11040 | CWE-538 | Medium
JVM version leakage | - | CWE-200 | Informational
Laravel log file publicly accessible | - | CWE-538 | Medium
Macromedia Dreamweaver remote database scripts | CVE-2004-1893 | CWE-200 | High
Magento Cacheleak | - | CWE-200 | High
MantisBT multiple security issues | CVE-2014-9571 CVE-2014-9572 CVE-2014-9573 CVE-2014-9624 CVE-2015-1042 | CWE-200 | High
Mercurial repository found | - | CWE-538 | High
Microsoft Frontpage configuration information | - | CWE-200 | Informational
Microsoft IIS5 NTLM and Basic authentication bypass | CVE-2007-2815 | CWE-264 | High
Microsoft IIS Server service.cnf file found | - | CWE-538 | Low
Microsoft IIS tilde directory enumeration | - | CWE-20 | High
Microsoft IIS version disclosure | - | CWE-200 | Informational
Microsoft Office possible sensitive information | - | CWE-200 | Low
Minify arbitrary file disclosure | CVE-2013-6619 | CWE-538 | High
MongoDB HTTP status interface | - | CWE-200 | Medium
Multiple vulnerabilities in Ioncube loader-wizard.php | - | CWE-552 | High
MySQL connection credentials | - | CWE-538 | High
MySQL username disclosure | - | CWE-538 | Low
Nginx memory disclosure with specially crafted HTTP backend responses | CVE-2012-1180 | CWE-399 | High
nginx range filter integer overflow | CVE-2017-7529 | CWE-200 | Medium
npm log file publicly accessible (npm-debug.log) | - | CWE-200 | Medium
OData feed accessible anonymously | - | CWE-200 | Low
Oracle applications logs publicy available | - | CWE-200 | Medium
Oracle JavaServer Faces multiple vulnerabilities | CVE-2013-3827 | CWE-22 | High
Oracle Reports Services RWServlet environment variables disclosure | - | CWE-200 | Low
Padding oracle attack | - | CWE-209 | High
Password field submitted using GET method | - | CWE-200 | Medium
PHP-CGI remote code execution | CVE-2012-1823 CVE-2012-2311 | CWE-20 | High
PHP-CS-Fixer cache file publicly accessible (.php_cs.cache) | - | CWE-200 | Medium
PHP-FPM Status Page | - | CWE-200 | Medium
PHP curl_exec() url is controlled by user | CVE-2009-0037 | CWE-352 | Medium
PHP errors enabled | - | CWE-209 | Medium
PHPinfo page | - | CWE-200 | Medium
PHPinfo pages | - | CWE-200 | Medium
PHP opcache-status page publicly accessible | - | CWE-200 | Medium
Possible database backup | - | CWE-538 | High
Possible sensitive directories | - | CWE-200 | Low
Possible sensitive files | - | CWE-200 | Low
Possible server path disclosure (Unix) | - | CWE-200 | Informational
Possible server path disclosure (Windows) | - | CWE-200 | Informational
Possible social security number disclosed | - | CWE-200 | Medium
Possible SQL Statement in comment | - | CWE-200 | Low
Possible username or password disclosure | - | CWE-200 | Informational
Possible virtual host found | - | CWE-200 | Low
rack-mini-profiler environment variables disclosure | - | CWE-287 | Medium
Rails controller possible sensitive information disclosure | - | CWE-200 | Medium
Reachable SharePoint interface | - | CWE-200 | High
RSA private key | - | CWE-200 | High
Ruby on Rails database configuration file | - | CWE-538 | High
SAP ICF /sap/public/info sensitive information disclosure | - | CWE-200 | Medium
SAP Management Console get user list | - | CWE-200 | High
SAP Management Console list logfiles | - | CWE-200 | High
SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability | - | CWE-200 | Medium
SAP NetWeaver server info information disclosure | - | CWE-200 | Medium
SAP NetWeaver server info information disclosure BCB | - | CWE-200 | Medium
SAP weak/predictable user credentials | - | CWE-200 | High
Secrets leakage | - | CWE-200 | Medium
Sensitive pages could be cached | - | CWE-200 | Low
Server-based source code disclosures | - | CWE-538 | Medium
Session token in URL | - | CWE-200 | Low
SFTP/FTP credentials exposure | - | CWE-200 | High
SharePoint exposed web services | - | CWE-200 | Medium
SharePoint user enumeration | - | CWE-200 | High
Snoop Servlet information disclosure | - | CWE-200 | Low
Source code disclosures | - | CWE-538 | Medium
SQLite database found | - | CWE-538 | Medium
Stack Trace Disclosure (Apache MyFaces) | - | CWE-209 | Low
Stack Trace Disclosure (ASP.NET) | - | CWE-209 | Low
Stack Trace Disclosure (CakePHP) | - | CWE-209 | Low
Stack Trace Disclosure (CherryPy) | - | CWE-209 | Low
Stack Trace Disclosure (ColdFusion) | - | CWE-209 | Low
Stack Trace Disclosure (Grails) | - | CWE-209 | Low
Stack Trace Disclosure (GWT) | - | CWE-209 | Low
Stack Trace Disclosure (Java) | - | CWE-209 | Low
Stack Trace Disclosure (Laravel) | - | CWE-209 | Low
Stack Trace Disclosure (Node.js) | - | CWE-209 | Low
Stack Trace Disclosure (Python) | - | CWE-209 | Low
Stack Trace Disclosure (Rails) | - | CWE-209 | Low
Stack Trace Disclosure (Ruby) | - | CWE-209 | Low
Stack Trace Disclosure (Tomcat) | - | CWE-209 | Low
SVN repository found | - | CWE-538 | High
Symfony databases.yml configuration file | - | CWE-538 | High
Symfony web debug toolbar | - | CWE-489 | Medium
The Heartbleed Bug | CVE-2014-0160 | CWE-200 | High
Tiki Wiki CMS: Arbitrary Code Execution | - | - | High
Tiki Wiki CMS: Arbitrary File Download | - | - | High
Tiki Wiki CMS: Remote Code Execution via Calendar Module | - | - | High
Tomcat status page | - | CWE-200 | Low
Unencrypted __VIEWSTATE parameter | - | CWE-200 | Medium
Unprotected JSON file leaking secrets | - | CWE-200 | Medium
Unprotected phpMyAdmin interface | - | CWE-205 | High
Unrestricted access to NGINX+ API interface (read only) | - | CWE-200 | Medium
Unrestricted access to NGINX+ API interface (read write) | - | CWE-200 | High
Unrestricted access to NGINX+ Dashboard | - | CWE-200 | Medium
Unrestricted access to NGINX+ Status module | - | CWE-200 | Low
Unrestricted access to NGINX+ Upstream HTTP interface | - | CWE-200 | Medium
vBulletin customer number disclosure | CVE-2013-6129 | CWE-264 | High
Virtual host directory listing | - | CWE-538 | Medium
W3 total cache debug mode | - | CWE-489 | Medium
Weak password | - | CWE-200 | High
web.xml configuration file disclosure | - | CWE-538 | High
webadmin.php script | - | CWE-552 | High
Webalizer script | - | CWE-538 | Medium
Web application default/weak credentials | - | CWE-200 | High
WebDAV directory listing | - | CWE-538 | Medium
WebLogic admin console weak credentials | - | CWE-693 | High
Webmail weak password | - | CWE-200 | High
Web server default welcome page | - | CWE-200 | Informational
WordPress database credentials disclosure | - | CWE-538 | Medium
WordPress debug mode | - | CWE-200 | High
WordPress full path disclosure | - | CWE-200 | Low
WordPress pingback scanner | CVE-2013-0235 | CWE-918 | Medium
WordPress Pingback Source URI Denial of Service and Information Disclosure Vulnerabilities (0.6.2 - 2.1.3) | CVE-2007-0540 | CWE-200 CWE-400 | High
WordPress Plugin A2 Optimized WP Information Disclosure (2.0.10.8) | - | CWE-200 | High
WordPress Plugin AccessAlly Information Disclosure (3.5.6) | CVE-2021-24226 | CWE-200 | High
WordPress Plugin ACF to REST API Information Disclosure (3.2.0) | CVE-2020-13700 | CWE-200 | High
WordPress Plugin Activity Log Information Disclosure (2.2.12) | - | CWE-200 | High
WordPress Plugin Acumbamail Information Disclosure (1.0.4) | - | CWE-200 | High
WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.1.0) | - | CWE-200 | High
WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.6.2) | - | CWE-200 | High
WordPress Plugin Advanced Woo Search Information Disclosure (1.99) | CVE-2020-12070 | CWE-200 | High
WordPress Plugin Advanced XML Reader XML External Entity Information Disclosure (0.3.4) | - | CWE-611 | High
WordPress Plugin AlertWire Information Disclosure (1.1.1) | - | CWE-200 | High
WordPress Plugin All-in-One WP Migration Information Disclosure (7.0) | - | CWE-200 | High
WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve Your SEO Rankings Information Disclosure (2.2.5.1) | CVE-2015-0902 | CWE-200 | High
WordPress Plugin ApplyOnline-Application Form Builder and Manager Arbitrary File Disclosure (1.9.92) | - | CWE-538 | High
WordPress Plugin Aspose Cloud eBook Generator Arbitrary File Download (1.0) | - | CWE-22 | High
WordPress Plugin Aspose DOC Exporter Arbitrary File Download (1.0) | - | CWE-22 | High
WordPress Plugin Aspose Importer & Exporter Arbitrary File Download (2.0) | - | CWE-22 | High
WordPress Plugin Aspose PDF Exporter Arbitrary File Download (1.0) | - | CWE-22 | High
WordPress Plugin BackupBuddy Arbitrary File Download (8.7.4.1) | CVE-2022-31474 | CWE-22 | High
WordPress Plugin BackupBuddy Information Disclosure (2.2.28) | CVE-2013-2743 CVE-2013-2744 | CWE-200 | High
WordPress Plugin Be POPIA Compliant Information Disclosure (1.1.5) | CVE-2022-1186 | CWE-200 | High
WordPress Plugin Better WordPress Minify Arbitrary File Disclosure (1.2.2) | - | CWE-538 | High
WordPress Plugin Breadcrumb NavXT Information Disclosure (6.1.0) | - | CWE-200 | High
WordPress Plugin BuddyPress Information Disclosure (5.1.1) | CVE-2020-5244 | CWE-200 | High
WordPress Plugin BulletProof Security Information Disclosure (5.1) | CVE-2021-39327 | CWE-200 | High
WordPress Plugin Caldera Forms-More Than Contact Forms Arbitrary File Disclosure (1.8.1) | - | CWE-538 | High
WordPress Plugin Caldera Forms-More Than Contact Forms Information Disclosure (1.3.5.2) | - | CWE-200 | High
WordPress Plugin Candidate Application Form Arbitrary File Disclosure (1.6) | - | CWE-538 | High
WordPress Plugin Candidate Application Form Arbitrary File Download (1.0) | CVE-2015-1000005 | CWE-22 | High
WordPress Plugin Cart66 Pro Arbitrary File Disclosure (1.5.3) | CVE-2014-9461 | CWE-22 | High
WordPress Plugin Cherry Services List Information Disclosure (1.4.1) | - | CWE-200 | High
WordPress Plugin Cherry Team Members Information Disclosure (1.4.1) | - | CWE-200 | High
WordPress Plugin Child Theme Configurator Arbitrary File Disclosure (1.7.4) | - | CWE-538 | High
WordPress Plugin Cimy User Manager 'cimy_um_filename' Parameter Arbitrary File Disclosure (1.4.2) | - | CWE-22 | High
WordPress Plugin cloudsafe365_for_WP 'file' Parameter Remote File Disclosure (1.46) | - | CWE-22 | High
WordPress Plugin CodeArt-Google MP3 Player Arbitrary File Disclosure (1.0.11) | - | CWE-538 | High
WordPress Plugin Contact Form 7 Database Information Disclosure (1.3) | - | CWE-200 | High
WordPress Plugin Contact Form Email Information Disclosure (1.2.66) | - | CWE-200 | High
WordPress Plugin Count per Day Arbitrary File Download and Cross-Site Scripting Vulnerabilities (3.1) | CVE-2012-0896 | CWE-22 CWE-79 | High
WordPress Plugin Count per Day Information Disclosure (3.2.5) | - | CWE-200 | High
WordPress Plugin CP Image Store with Slideshow Arbitrary File Download (1.0.5) | - | CWE-22 | High
WordPress Plugin Crayon Syntax Highlighter Local File Disclosure (2.6.10) | - | CWE-22 | High
WordPress Plugin Credova_Financial Information Disclosure (1.4.8) | CVE-2021-39342 | CWE-200 | High
WordPress Plugin Customize WordPress Emails and Alerts-Better Notifications for WP Information Disclosure (1.8.6) | CVE-2022-0345 | CWE-200 | High
WordPress Plugin Direct Download for Woocommerce Arbitrary File Download (1.15) | - | CWE-538 | High
WordPress Plugin Doneren met Mollie Information Disclosure (2.8.4) | - | CWE-200 | High
WordPress Plugin Download Monitor Information Disclosure (1.6.3) | - | CWE-538 | High
WordPress Plugin Download Shortcode Arbitrary File Disclosure (0.1) | - | CWE-22 | High
WordPress Plugin Download Zip Attachments Arbitrary File Download (1.0.0) | CVE-2015-4704 | CWE-22 | High
WordPress Plugin Duplicator-WordPress Migration Arbitrary File Disclosure (0.3.0) | - | CWE-22 | High
WordPress Plugin Duplicator-WordPress Migration Arbitrary File Download (1.3.26) | CVE-2020-11738 | CWE-538 | High
WordPress Plugin DZS Video Gallery Information Disclosure (3.1.3) | - | CWE-200 | High
WordPress Plugin Easy Author Image Information Disclosure (1.5) | - | CWE-200 | High
WordPress Plugin Easy Contact Forms Export 'file' Parameter Information Disclosure (1.1.0) | - | CWE-22 | High
WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files Information Disclosure (2.7.6) | - | CWE-200 | High
WordPress Plugin Email Log Information Disclosure (1.9) | - | CWE-200 | High
WordPress Plugin Email newsletter 'option' Parameter Information Disclosure (8.0) | - | CWE-200 | High
WordPress Plugin Email Subscribers & Newsletters Information Disclosure (3.4.7) | CVE-2018-6015 | CWE-200 | High
WordPress Plugin Eshop Magic Arbitrary File Disclosure (0.1) | - | CWE-22 | High
WordPress Plugin Fast Velocity Minify Information Disclosure (2.7.6) | CVE-2019-19983 | CWE-200 | High
WordPress Plugin Filedownload 'download.php' Local File Disclosure (0.1) | - | CWE-22 | High
WordPress Plugin File Manager Information Disclosure (6.4) | CVE-2020-24312 | CWE-200 | High
WordPress Plugin Find My Blocks Information Disclosure (3.3.2) | CVE-2021-24677 | CWE-200 | High
WordPress Plugin FireStats Arbitrary File Download (1.6.5) | - | CWE-538 | High
WordPress Plugin Font Awesome Information Disclosure (4.0.0-rc16) | - | CWE-200 | High
WordPress Plugin Formidable Form Builder-Contact Form, Survey & Quiz Forms for WordPress Information Disclosure (2.0.07) | - | CWE-200 | High
WordPress Plugin Forums 'url' Parameter Arbitrary File Disclosure (1.4.3) | CVE-2012-4920 | CWE-22 | High
WordPress Plugin Fusion Engage Local File Disclosure (1.0.5) | - | CWE-22 | High
WordPress Plugin Gallery-Flagallery Photo Portfolio Information Disclosure (4.24) | CVE-2014-8491 | CWE-200 | High
WordPress Plugin Gallery-Flagallery Photo Portfolio SQL Injection and Information Disclosure Vulnerabilities (0.59) | - | CWE-22 CWE-89 | High
WordPress Plugin Gallery by BestWebSoft Arbitrary File Disclosure (3.8.3) | - | CWE-538 | High
WordPress Plugin Ghost Arbitrary File Download (0.5.5) | - | CWE-538 | High
WordPress Plugin GiveWP-Donation and Fundraising Platform Information Disclosure (2.20.2) | CVE-2022-2117 | CWE-200 | High
WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1) | - | CWE-95 CWE-200 | High
WordPress Plugin GlotPress Information Disclosure (2.2.1) | - | CWE-200 | High
WordPress Plugin Gmail SMTP Arbitrary File Disclosure (1.1.0) | CVE-2017-5223 | CWE-200 | High
WordPress Plugin Google Doc Embedder Arbitrary File Disclosure (2.4.6) | CVE-2012-4915 | CWE-22 | High
WordPress Plugin Google Drive for WordPress Information Disclosure (2.2) | - | CWE-538 | High
WordPress Plugin Gravity Forms Information Disclosure (2.4.8) | CVE-2020-13764 | CWE-200 | High
WordPress Plugin Groundhogg-Marketing Automation & CRM for WordPress Arbitrary File Disclosure (2.0.9.4) | - | CWE-538 | High
WordPress Plugin HB AUDIO GALLERY LITE Arbitrary File Download (1.0.0) | - | CWE-538 | High
WordPress Plugin Health Check & Troubleshooting Arbitrary File Disclosure (1.2.3) | - | CWE-538 | High
WordPress Plugin Helpful Information Disclosure (4.5.25) | CVE-2022-2834 | CWE-200 | High
WordPress Plugin History Collection Arbitrary File Download (1.1.1) | - | CWE-538 | High
WordPress Plugin HTML5 MP3 Player with Playlist Free Information Disclosure (2.6) | CVE-2014-9177 | CWE-200 | High
WordPress Plugin IBS Mappro Arbitrary File Download (0.6) | CVE-2015-5472 | CWE-22 | High
WordPress Plugin Image Export Arbitrary File Download (1.1.0) | CVE-2015-5609 | CWE-22 | High
WordPress Plugin Import all XML, CSV & TXT into WordPress Arbitrary File Disclosure (3.7) | - | CWE-22 | High
WordPress Plugin Import all XML, CSV & TXT into WordPress Information Disclosure (3.6.74) | - | CWE-200 | High
WordPress Plugin IP Blacklist Cloud Arbitrary File Disclosure (3.42) | - | CWE-22 | High
WordPress Plugin iThemes Security (formerly Better WP Security) Information Disclosure (5.1.1) | - | CWE-200 | High
WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Information Disclosure (9.7.1) | CVE-2021-24374 | CWE-200 | High
WordPress Plugin Jigoshop Information Disclosure (1.17.9) | - | CWE-200 | High
WordPress Plugin JM Twitter Cards Information Disclosure (6.1) | - | CWE-200 | High
WordPress Plugin Log Emails Information Disclosure (1.0.6) | - | CWE-200 | High
WordPress Plugin MAC PHOTO GALLERY 'albid' Parameter Arbitrary File Disclosure (2.8) | - | CWE-22 | High
WordPress Plugin MAC PHOTO GALLERY Arbitrary File Download (3.0) | - | CWE-538 | High
WordPress Plugin Mailing List 'dl.php' Arbitrary File Download (1.4.1) | - | CWE-22 | High
WordPress Plugin MapSVG Lite Arbitrary File Disclosure (4.2.3.1) | - | CWE-538 | High
WordPress Plugin Mashshare-Social Media Icons SEO Share Buttons for Facebook, Twitter, Subscribe Information Disclosure (2.3.0) | - | CWE-200 | High
WordPress Plugin Membership Simplified Arbitrary File Download (1.58) | CVE-2017-1002008 | CWE-538 | High
WordPress Plugin Memphis Documents Library Arbitrary File Download (3.1.5) | - | CWE-538 | High
WordPress Plugin MetaSlider Information Disclosure (3.3.1) | - | CWE-200 | High
WordPress Plugin Metform Elementor Contact Form Builder-Flexible and Design-Friendly Contact Form builder for WordPress Information Disclosure (2.1.3) | CVE-2022-1442 | CWE-200 | High
WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Disclosure (1.0.4) | - | CWE-538 | High
WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Download (1.0.5) | - | CWE-538 | High
WordPress Plugin MP3-jPlayer Information Disclosure (2.3.2) | CVE-2015-1000008 | CWE-200 | High
WordPress Plugin MP3-jPlayer Local File Disclosure (2.3) | - | CWE-538 | High
WordPress Plugin Multi Plugin Installer Arbitrary File Disclosure (1.1.0) | - | CWE-538 | High
WordPress Plugin NextGEN Gallery-WordPress Gallery Information Disclosure (1.9.11) | CVE-2013-0291 | CWE-200 | High
WordPress Plugin Order Export & Order Import for WooCommerce Information Disclosure (1.0.8) | - | CWE-200 | High
WordPress Plugin Organizer Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (1.2.1) | CVE-2012-6511 CVE-2012-6512 | CWE-79 CWE-200 | High
WordPress Plugin Page and Post Clone Information Disclosure (1.1) | - | CWE-200 | High
WordPress Plugin Page Flip Image Gallery 'book_id' Parameter Remote File Disclosure (0.2.2) | CVE-2008-5752 | CWE-22 | High
WordPress Plugin Paid Memberships Pro 'memberslist-csv.php' Information Disclosure (1.4.9) | - | CWE-538 | High
WordPress Plugin Paid Memberships Pro Information Disclosure (2.5.2) | - | CWE-200 | High
WordPress Plugin PAYPAL CURRENCY CONVERTER BASIC FOR WOOCOMMERCE Arbitrary File Disclosure (1.3) | - | CWE-538 | High
WordPress Plugin PICA Photo Gallery 'imgname' Parameter Information Disclosure (1.0) | - | CWE-22 | High
WordPress Plugin Pike Firewall Information Disclosure (1.4) | - | CWE-200 | High
WordPress Plugin Plugin:Newsletter 'data' Parameter Information Disclosure (1.5) | CVE-2012-3588 | CWE-22 | High
WordPress Plugin Popup Maker-Popup Forms, Optins & More Information Disclosure (1.8.11) | CVE-2019-17574 | CWE-200 | High
WordPress Plugin Product Input Fields for WooCommerce Arbitrary File Download (1.2.6) | - | CWE-538 | High
WordPress Plugin Product Subtitle For WooCommerce Arbitrary File Disclosure (4.1) | - | CWE-538 | High
WordPress Plugin Quick Buy For Woocommerce Arbitrary File Disclosure (2.0) | - | CWE-538 | High
WordPress Plugin RB Agency Local File Disclosure (2.4.7) | - | CWE-22 | High
WordPress Plugin Recent Backups Arbitrary File Download (0.7) | CVE-2015-1000006 | CWE-22 | High
WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics Arbitrary File Download (0.7) | CVE-2015-9464 | CWE-22 | High
WordPress Plugin Save Contact Form 7 Information Disclosure (2.0) | - | CWE-200 | High
WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.1) | CVE-2014-9511 | CWE-538 | High
WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.17) | - | CWE-22 | High
WordPress Plugin Service Finder-Provider and Business Listing Local File Disclosure (3.0) | - | CWE-538 | High
WordPress Plugin Share Drafts Publicly Information Disclosure (1.1.4) | - | CWE-200 | High
WordPress Plugin ShareYourCart Information Disclosure (1.6.1) | CVE-2012-4332 | CWE-200 | High
WordPress Plugin Shopping Cart & eCommerce Store Information Disclosure (2.0.5) | CVE-2014-4942 | CWE-200 | High
WordPress Plugin Simple Backup Arbitrary File Download (2.7.10) | - | CWE-538 | High
WordPress Plugin Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0) | - | CWE-22 | High
WordPress Plugin Simple File List Arbitrary File Download (3.2.7) | CVE-2022-1119 | CWE-538 | High
WordPress Plugin Simple Gmail Login Stack Trace Information Disclosure (1.1.3) | CVE-2012-6313 | CWE-200 | High
WordPress Plugin Simple History Information Disclosure (1.0.7) | - | CWE-200 | High
WordPress Plugin Simple History Information Disclosure (2.7.4) | - | CWE-200 | High
WordPress Plugin Simple Image Manipulator Arbitrary File Download (1.0) | CVE-2015-1000010 | CWE-538 | High
WordPress Plugin Simply Static Arbitrary File Download (1.6.2) | - | CWE-22 | High
WordPress Plugin SKU Shortlink For WooCommerce Arbitrary File Disclosure (1.3.4) | - | CWE-538 | High
WordPress Plugin Slack-Chat Information Disclosure (1.5.5) | CVE-2019-14367 | CWE-200 | High
WordPress Plugin Slideshow Information Disclosure (2.2.21) | CVE-2015-3634 | CWE-200 | High
WordPress Plugin Slideshow Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (2.1.12) | - | CWE-79 CWE-200 | High
WordPress Plugin SL User Create Information Disclosure (0.2.4) | - | CWE-200 | High
WordPress Plugin Social Discussions Remote File Include and Information Disclosure Vulnerabilities (6.1.1) | - | CWE-94 CWE-200 | High
WordPress Plugin Social Network Tabs Information Disclosure (1.7.1) | CVE-2018-20555 | CWE-200 | High
WordPress Plugin SS Downloads Cross-Site Request Forgery and Information Disclosure Vulnerabilities (1.4.3) | - | CWE-352 CWE-538 | High
WordPress Plugin SSL Insecure Content Fixer Information Disclosure (2.0.0) | - | CWE-200 | High
WordPress Plugin Stop User Enumeration Cross-Site Scripting (1.3.7) | - | CWE-79 | High
WordPress Plugin Stop User Enumeration Security Bypass (1.3.18) | - | CWE-264 | High
WordPress Plugin Stop User Enumeration User Enumeration (1.2.4) | - | CWE-203 | High
WordPress Plugin Stop User Enumeration User Enumeration (1.3.4) | - | CWE-203 | High
WordPress Plugin Stop User Enumeration User Enumeration (1.3.8) | - | CWE-203 | High
WordPress Plugin Subscribe to Comments Unsubscribe Challenge Information Disclosure (2.0.2) | - | CWE-200 | High
WordPress Plugin Super Refer A Friend Information Disclosure (1.0) | - | CWE-200 | High
WordPress Plugin Swim Team Arbitrary File Download (1.44.1077) | CVE-2015-5471 | CWE-22 | High
WordPress Plugin Theme Editor Arbitrary File Download (2.5) | CVE-2021-24154 | CWE-538 | High
WordPress Plugin Thinkun Remind 'dirPath' Parameter Information Disclosure (1.1.3) | - | CWE-22 | High
WordPress Plugin Timetable and Event Schedule by MotoPress Information Disclosure (2.3.19) | CVE-2021-24585 | CWE-200 | High
WordPress Plugin Tinymce Thumbnail Gallery 'href' Parameter Information Disclosure (1.0.7) | - | CWE-22 | High
WordPress Plugin Total Upkeep-WordPress Backup plus Restore & Migrate by BoldGrid Information Disclosure (1.14.9) | - | CWE-200 | High
WordPress Plugin TRADIES Information Disclosure (2.2.6) | - | CWE-200 | High
WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1) | - | CWE-22 | High
WordPress Plugin U Extended Comment 'fileurl' Parameter Arbitrary File Download (1.0.1) | - | CWE-22 | High
WordPress Plugin Ultimate Member-User Profile, User Registration, Login & Membership Information Disclosure (1.2.5) | - | CWE-200 | High
WordPress Plugin UnGallery Local File Disclosure (1.5.8) | - | CWE-22 | High
WordPress Plugin Unyson Information Disclosure (2.7.18) | - | CWE-200 | High
WordPress Plugin UpiCRM-Free WordPress CRM and Lead Management Information Disclosure (2.1.8.5) | - | CWE-538 | High
WordPress Plugin User Meta Manager Information Disclosure (3.4.7) | - | CWE-200 | High
WordPress Plugin User Profile Picture Information Disclosure (2.4.0) | CVE-2021-24170 | CWE-200 | High
WordPress Plugin Video Embed & Thumbnail Generator Information Disclosure (1.1) | CVE-2012-1786 | CWE-200 | High
WordPress Plugin Vitamin Multiple Arbitrary File Disclosure Vulnerabilities (1.0.0) | CVE-2012-6651 | CWE-22 | High
WordPress Plugin W3 Total Cache Arbitrary File Disclosure (0.9.3) | CVE-2019-6715 | CWE-538 | High
WordPress Plugin W3 Total Cache Information Disclosure (0.9.2.4) | - | CWE-200 | High
WordPress Plugin WebP Express Arbitrary File Disclosure (0.14.10) | CVE-2019-15330 | CWE-538 | High
WordPress Plugin Welcart e-Commerce Information Disclosure (2.2.7) | - | CWE-200 | High
WordPress Plugin WooCommerce Arbitrary File Download (3.4.5) | - | CWE-538 | High
WordPress Plugin WooCommerce Email Test Information Disclosure (1.5) | - | CWE-200 | High
WordPress Plugin WooCommerce Information Disclosure (4.5.2) | CVE-2020-29156 | CWE-200 | High
WordPress Plugin WordPress Backup to Dropbox Information Disclosure (4.7.1) | - | CWE-200 | High
WordPress Plugin WordPress Mobile Pack Information Disclosure (2.0.1) | CVE-2014-5337 | CWE-264 | High
WordPress Plugin WordPress Mobile Pack Information Disclosure (2.1.2) | CVE-2015-9269 | CWE-200 | High
WordPress Plugin WordPress renaming tool by Vlajo Arbitrary File Download (1.0) | CVE-2015-4703 | CWE-538 | High
WordPress Plugin WordPress Social Stream Information Disclosure (1.6) | - | CWE-522 | High
WordPress Plugin WP-DBManager 'wp-config.php' Arbitrary File Download (2.60) | - | CWE-22 | High
WordPress Plugin wp-FileManager Arbitrary File Disclosure (1.3.0) | - | CWE-22 | High
WordPress Plugin Wp-ImageZoom 'file' Parameter Information Disclosure (1.0.3) | - | CWE-22 | High
WordPress Plugin WP-Live Chat by 3CX Information Disclosure (8.0.28) | - | CWE-200 | High
WordPress Plugin WP-Mon Arbitrary File Disclosure (0.5.1) | - | CWE-22 | High
WordPress Plugin WP-Property-WordPress Powered Real Estate and Property Management Information Disclosure (1.38.3.2) | - | CWE-200 | High
WordPress Plugin WP Activity Log
Information Disclosure (3.1.1)CVE-2018-8719 CWE-200CWE-200High WordPress Plugin WP Attachment Export Arbitrary File Download (0.2.3) CWE-538CWE-538High WordPress Plugin WP CSS 'wp-css-compress.php' Local File Disclosure (2.0.5) CWE-22CWE-22High WordPress Plugin WP Custom Pages 'url' Parameter Local File Disclosure (0.5.0.1)CVE-2011-1669 CWE-22CWE-22High WordPress Plugin WP e-Commerce Shop Styling Arbitrary File Download (2.5)CVE-2015-5468 CWE-22CWE-22High WordPress Plugin WP Easy full backup Information Disclosure (1.4) CWE-200CWE-200High WordPress Plugin WP Hide & Security Enhancer Arbitrary File Download (1.3.9.2) CWE-538CWE-538High WordPress Plugin WP Import Export Information Disclosure (3.9.15)CVE-2022-0236 CWE-200CWE-200High WordPress Plugin WP Import Export Lite Information Disclosure (3.9.15)CVE-2022-0236 CWE-200CWE-200High WordPress Plugin WP Intercom-Slack for WordPress Information Disclosure (1.2.1)CVE-2019-14365 CWE-200CWE-200High WordPress Plugin WP Marketplace-Complete Shopping Cart/eCommerce Solution Arbitrary File Download (2.4.0)CVE-2014-9013 CVE-2014-9014 CWE-22CWE-22High WordPress Plugin WP Mobile Edition Arbitrary File Disclosure (2.2.7) CWE-22CWE-22High WordPress Plugin WP Online Store Local File Include and Multiple File Disclosure Vulnerabilities (1.3.1) CWE-22 CWE-538CWE-22 CWE-538High WordPress Plugin WP PHP widget Information Disclosure (1.0.2)CVE-2013-0721 CWE-200CWE-200High WordPress Plugin WP REST API (WP API) Information Disclosure (1.2) CWE-200CWE-200High WordPress Plugin WP SlackSync Information Disclosure (1.8.5)CVE-2019-14366 CWE-200CWE-200High WordPress Plugin wp superb Slideshow Information Disclosure (2.4) CWE-200CWE-200High WordPress Plugin wptf-image-gallery Arbitrary File Download (1.0.3)CVE-2015-1000007 CWE-538CWE-538High WordPress Plugin Yoast SEO Information Disclosure (3.2.4) CWE-200CWE-200High WordPress Plugin Zip Attachments Arbitrary File Download (1.4)CVE-2015-4694 CWE-538CWE-538High WordPress REST API User 
Enumeration CWE-200CWE-200Low WordPress username enumeration CWE-200CWE-200Medium WordPress W3 Total Cache plugin predictable cache filenamesCVE-2012-6077 CVE-2012-6078 CVE-2012-6079 CWE-200CWE-200High WPEngine _wpeprivate/config.json information disclosure CWE-200CWE-200High WS_FTP log file found CWE-538CWE-538Medium X-Forwarded-For HTTP header security bypass CWE-287CWE-287High XML entity injection CWE-611CWE-611High XML external entity injection CWE-611CWE-611High XML external entity injection (variant) CWE-611CWE-611High XML external entity injection and XML injection CWE-611CWE-611High XML external entity injection via external file CWE-611CWE-611High XML external entity injection via File Upload CWE-611CWE-611High Yii2 debug toolkit CWE-200CWE-200Medium Zend framework configuration file information disclosure CWE-538CWE-538High Zend Framework local file disclosure via XXE injectionCVE-2012-3363 CVE-2015-5161 CWE-611CWE-611High What is disclosure in information security?Information disclosure, also known as information leakage, is when a website unintentionally reveals sensitive information to its users. Depending on the context, websites may leak all kinds of information to a potential attacker, including: Data about other users, such as usernames or financial information.

What are the different types of security disclosures?
The paths to vulnerability disclosure that an organization can take include the following:
- Responsible disclosures
- Coordinated vulnerability disclosures
- Self-disclosures
- Third-party disclosures
- Vendor disclosures
- Full disclosures

Which of the following is an example of information disclosure?
Some basic examples of information disclosure are as follows:
- Revealing the names of hidden directories, their structure, and their contents via a robots.txt file or directory listing.
- Providing access to source code files via temporary backups.

What is CVE in security?
CVE stands for Common Vulnerabilities and Exposures. CVE is a glossary that classifies vulnerabilities. The glossary analyzes vulnerabilities and then uses the Common Vulnerability Scoring System (CVSS) to evaluate the threat level of a vulnerability.