Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability

Unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Because Azure can return sensitive data in error...

PT-2026-25818

The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows...

CVE-2024-21866

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product responds back with an error message containing sensitive data if it receives a specific malformed request...

PT-2023-8490 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 3.5-milestone-1 through 14.10.8 XWiki Platform versions 15.3-rc-1 and earlier Description: The issue is related to the disclosure of information in the error data area of the XWiki Platform, specifically in the...

PT-2021-6507 · Saltstack +2 · Saltstack Salt +2

Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3003.3 Description: The issue is related to information disclosure in the error data area of the Salt configuration management and remote execution system. Exploitation of this issue allows a remote attacker t...

IBM Security Access Manager Information Disclosure Vulnerability (CNVD-2017-01305)

IBM Security Access Manager is a security access manager from IBM USA. A security vulnerability exists in IBM Security Access Manager. An attacker could exploit the vulnerability by sending a specially crafted HTTP request to obtain sensitive information from an error message...