10 matches found
Insertion of Sensitive Information into Log File
Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the process that writes configuration payloads to the audit log, where sensitive fields such as ldapsearchpassword and oidcclientsecret are not redacted. An attacker can obtain...
PT-2025-2604 · Zohocorp · Zoho Manageengine Applications Manager
Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine Applications Manager versions 174000 and prior
Description: The issue is related to incorrect authorization in the update user function. This allows for potential unauthorized access or modifications. The estimated numbe...
PT-2024-39100 · Sourcecodester · Sourcecodester Php Crud
Name of the Vulnerable Software and Affected Versions: SourceCodester PHP CRUD version 1.0
Description: A vulnerability was found in the software, classified as problematic. It affects the file /endpoint/update.php, where the manipulation of the first name, middle name, and last name arguments...
PT-2024-20419 · Unknown · Daily Habit Tracker
Name of the Vulnerable Software and Affected Versions: Daily Habit Tracker version 1.0
Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the day, exercise, pray, read book, vitamins, laundry, alcohol, and meat parameters in the "add-tracker.php" and...
PT-2024-17684 · Juanpao · Juanpao Jpshop
Name of the Vulnerable Software and Affected Versions: Juanpao JPShop versions up to 1.5.02
Description: A critical issue has been found, affecting the function actionUpdate of the file /api/controllers/common/UploadsController.php. The manipulation of the argument imgage leads to unrestricted...
CVE-2023-34029
Cross-Site Request Forgery (CSRF) vulnerability in Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin <= 2.3.3 versions...
PT-2023-7750 · Sangoma +2 · Asterisk +3
Name of the Vulnerable Software and Affected Versions: Asterisk versions 18.20.0 and prior; Asterisk versions 20.5.0 and prior; Asterisk version 21.0.0; certified-asterisk versions 18.9-cert5 and prior
Description: The issue is related to the PJSIP_HEADER dialplan function in Asterisk, where the...
PT-2023-16918 · Liferea +2 · Liferea +2
Name of the Vulnerable Software and Affected Versions: liferea, affected versions not specified
Description: A critical issue has been found, affecting the function update_job_run of the file src/update.c in the component Feed Enrichment. The manipulation of the argument source with the input |dat...
PT-2023-15450 · Unknown +1 · Gpac Mp4Box +1
Name of the Vulnerable Software and Affected Versions: GPAC MP4box version 2.1-DEV-rev593-g007bf61a0
Description: The issue is related to a Buffer Overflow in the eac3_update_channels function, located in the media_tools/av_parsers.c file at line 9113. This function is part of the GPAC MP4box...
firefox security, bug fix, and enhancement update
3.6.4-8.0.1.el4
- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat ones
3.6.4-8.el4
- Update to 3.6.4 build 7
- Disable checking for updates since they can't be applied
3.6.4-7.el4
- Update to 3.6.4 build 6
3.6.4-6.el4
- Update to...