WP STAGING WordPress Backup Plugin – Migration Backup Restore < 3.2.0 - Unauthorized Sensitive Data Exposure

Description The plugin allows access to cache files during the cloning process which provides unauthorized access to sensitive data 1 When an admin creates a staging site, an attacker can capture a .cache file which reveals sensitive information including: DBname, DBtables, DBcolumns. 2 These fil...

CVE-2023-43291

Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component...

WordPress plugin Hummingbird 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A path traversal vulnerability exis...

Wago PFC200 iocheckd service 'I/O-Check' cache gateway Memory Corruption (CVE-2019-5184)

An exploitable double free vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially code...

Wago PFC200 iocheckd service 'I/O-Check' cache Memory Corruption (CVE-2019-5185)

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the extracted state value from the xml file is used as an...

Hummingbird < 3.4.2 - Unauthenticated Path Traversal

The plugin does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module. This allows an attacker to: - Enumerate file system directories where the user who starts the web server process has write access. -...

FreeBSD : curl -- multiple vulnerabilities (be233fc6-bae7-11ed-a4fb-080027f5fec9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the be233fc6-bae7-11ed-a4fb-080027f5fec9 advisory. - A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that...

SUSE CVE-2003-0887

ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache files, which allows local users to conduct unauthorized operations via a symlink attack on the ez-ipupdate.cache file...

SUSE CVE-2006-5973

Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmapdisable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service crash via unspecified vectors involving the cache file...

SUSE CVE-2013-2217

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/...

SUSE CVE-2014-9838

magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service crash...

SUSE CVE-2016-5384

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file...

Wago PFC200 iocheckd service 'I/O-Check' cache Command Injection (CVE-2019-5173)

An exploitable command injection vulnerability exists in the iocheckd service I/O-Check' function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...

Wago PFC200 iocheckd service 'I/O-Check' cache Command Injection (CVE-2019-5174)

An exploitable command injection vulnerability exists in the iocheckd service I/O-Check' function of the WAGO PFC 200 version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted...

Wago PFC200 iocheckd service 'I/O-Check' cache Command Injection (CVE-2019-5175)

An exploitable command injection vulnerability exists in the iocheckd service I/O-Check' function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...

Wago PFC200 iocheckd service 'I/O-Check' cache Code Execution (CVE-2019-5178)

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service I/O-Check' functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is...

Wago PFC200 iocheckd service 'I/O-Check' cache Command Injection (CVE-2019-5170)

An exploitable command injection vulnerability exists in the iocheckd service I/O-Check' function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...

Wago PFC200 iocheckd service 'I/O-Check' cache Code Execution (CVE-2019-5181)

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service I/O-Check' functionality of WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in cod...

PT-2023-1267 · Dompdf +1 · Dompdf +1

Name of the Vulnerable Software and Affected Versions: Dompdf version 2.0.1 Dompdf versions prior to 8.0.0 Description: The issue is related to the incorrect order of authorization checks before syntax analysis and canonization when processing tags with uppercase letters in SVG parsing. This can...

GHSA-8R7Q-CVJQ-X353 Incorrect Privilege Assignment in Jinja2

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...