CWE-200

Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI.

The ContentProvider in the EPSON iPrint application 6.6.3 for Android does not properly restrict data access. This allows an attacker’s application to read scanned documents.

/contingency/servlet/ServletFileDownload executes as root and provides unauthenticated access to files via the file parameter.

Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier does not use secure options when passing documents to wkhtmltopdf, which allows remote attackers to read local files.

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 140763.

Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user and execute arbitrary code.