** DISPUTED ** AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor’s position is that this is intended functionality.
CWE-200
CVE-2019-1489
An information disclosure vulnerability exists when the Windows Remote Desktop Protocol (RDP) fails to properly handle objects in memory, aka ‘Remote Desktop Protocol Information Disclosure Vulnerability’.
CVE-2019-14839
It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc.
CVE-2019-1487
An information disclosure vulnerability in Android Apps using Microsoft Authentication Library (MSAL) 0.3.1-Alpha or later exists under specific conditions, aka ‘Microsoft Authentication Library for Android Information Disclosure Vulnerability’.
CVE-2019-14800
The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI.
CVE-2019-1472
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1474.