163 matches found
CVE-2023-7204
The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which provides...
CVE-2023-7204
The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which provides...
Design/Logic Flaw
The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which provides...
CVE-2023-7204 WP STAGING WordPress Backup Plugin < 3.2.0 - Unauthorized Sensitive Data Exposure
The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which provides...
CVE-2023-7204
The CVE-2023-7204 entry concerns the WP STAGING WordPress Backup Plugin prior to version 3.2.0, which allows unauthorized access to cache files during the cloning process, leading to sensitive data exposure. Public references (NVD, Patchstack) confirm unauthenticated access risk and indicate the ...
CVE-2024-21619
A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system...
PT-2024-1427 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS on SRX Series and EX Series versions earlier than 20.4R3-S9 Juniper Networks Junos OS on SRX Series and EX Series 21.2 versions earlier than 21.2R3-S7 Juniper Networks Junos OS on SRX Series and EX Series 21.3 versio...
WP STAGING WordPress Backup Plugin – Migration Backup Restore < 3.2.0 - Unauthorized Sensitive Data Exposure
Description The plugin allows access to cache files during the cloning process which provides unauthorized access to sensitive data PoC 1 When an admin creates a staging site, an attacker can capture a .cache file which reveals sensitive information including: DBname, DBtables, DBcolumns. 2 These...
WP Staging (Free < 3.1.3, Pro < 5.1.3) - Unauthenticated Backup Download
Description The plugin does not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later. PoC The plugin creates temporary cache files when backing up sites, which are publicly accessible to anyone. Said cache...
Fedora 38 : cutter-re / rizin (2023-af305bed3d)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-af305bed3d advisory. rebase rizin to v0.5.1 and cutter-re to 0.2.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
SUSE CVE-2007-1507
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the...
SUSE CVE-2011-0727
GNOME Display Manager gdm 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a 1 dmrc or 2 face icon file under /var/cache/gdm/...
SUSE CVE-2014-3219
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on 1 /tmp/fishd.log.%s, 2 /tmp/.pac-cache.$USER, 3 /tmp/.yum-cache.$USER, or 4 /tmp/.rpm-cache.$USER...
SUSE CVE-2017-8418
RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users...
GLSA-202209-06 : Rizin: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202209-06 Rizin: Multiple Vulnerabilities - Rizin v0.4.0 and below was discovered to contain an integer overflow via the function getlongobject. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted...
CVE-2022-36042 Rizin Out-of-bounds Write vulnerability in dyld cache binary plugin
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from dyld cache files. A user opening a malicious dyld cache file could be affected by this vulnerability, allowing an attacker to execu...
Jython Improper Access Restrictions vulnerability
Jython before 2.7.2b3 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors...
GSD-2022-1000986 cachefiles: unmark inode in use in error path
cachefiles: unmark inode in use in error path This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.4 by commit...
CVE-2021-31798
The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files...
CVE-2021-31798
The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files...