Design/Logic Flaw
The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrcclearcache GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to clear the plugin's...
CVE-2023-1868 YourChannel <= 1.2.3 - Missing Authorization to Plugin Cache Reset
The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrcclearcache GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to clear the plugin's...
CVE-2023-1868
CVE-2023-1868 affects the YourChannel WordPress plugin (versions
WordPress plugin YourChannel Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2023-17297 · WordPress · Yourchannel
Name of the Vulnerable Software and Affected Versions: YourChannel plugin for WordPress versions up to, and including, 1.2.3 Description: The issue is related to a missing capability check when clearing the plugin cache via the yrc clear cache GET parameter. This allows unauthenticated attackers ...
Cross-Site Request Forgery (CSRF)
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clearpagecache function. This makes it possible for unauthenticated attackers to clear the...
SUSE CVE-2016-1694
browser/browsingdata/browsingdataremover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority...
Authorization
The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clearallcache function in versions up to, and including, 3.0.12.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear t...
CVE-2023-0447
The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clearallcache function in versions up to, and including, 3.0.12.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear t...
Password change doesn't result in Karaf clearing cache
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared e.g. via restart...
Cross-Site Request Forgery (CSRF) in liangliangyy/djangoblog
Description: Hi there, I would like to report a Cross Site Request Forgery in djangoblog source code. Cross-site request forgery also known as CSRF is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker t...
CVE-2021-26833
Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows an attacker who can locally read the user's files to obtain JWT tokens for the user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding...
Design/Logic Flaw
Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows an attacker who can locally read the user's files to obtain JWT tokens for the user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding...
Key Caching behavior in the DynamoDB Encryption Client.
Impact: This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...
DBHcms Access Control Error Vulnerability
DBHcms is a small, free and open source content management system for personal and small business websites. An access control error vulnerability exists in DBHcms 1.2.0. The vulnerability stems from an access control failure to clear cache operation at line 175 of dbhcmspage.php. An attacker can...
www/varnish6 -- Denial of Service
The Varnish Team reports: A failure in HTTP/1 parsing can allow a remote attacker to trigger an assertion in varnish, restarting the daemon and clearing the cache...
Hijacked Environment Variables
Overview: The fabric-js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation: As this package is malware, if you find it installed in your environment, the real...
CVE-2017-2400
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "SafariViewController" component. It allows attackers to obtain sensitive information by leveraging the SafariViewController's incorrect synchronization of Safari cache clearing...
CVE-2016-1694
browser/browsingdata/browsingdataremover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority...