62 matches found
CVE-2024-6477
The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address...
CVE-2023-6505
The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files...
CVE-2023-6592
The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files...
GHSA-4HXW-GC2Q-F6F3 Filament has exported files stored in default (`public`) filesystem if not reconfigured
All Filament features that interact with storage use the defaultfilesystemdisk config option. This allows the user to easily swap their storage driver to something production-ready like s3 when deploying their app, without having to touch multiple configuration options and potentially forgetting...
CVE-2023-6592
The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files...
CVE-2023-6592
The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files...
Design/Logic Flaw
The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files...
PT-2024-15017
Name of the Vulnerable Software and Affected Versions FastDup WordPress plugin versions prior to 2.2 Description The issue concerns the FastDup WordPress plugin, which does not prevent directory listing in sensitive directories containing export files. This could potentially expose sensitive...
CVE-2023-6505
The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files...
CVE-2023-6505
The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files...
Design/Logic Flaw
The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files...
PT-2024-14982 · WordPress · Migrate Wordpress Website & Backups
Name of the Vulnerable Software and Affected Versions: Migrate WordPress Website & Backups WordPress plugin versions prior to 1.9.3 Description: The issue concerns the Migrate WordPress Website & Backups WordPress plugin, which does not prevent directory listing in sensitive directories containin...
SUSE CVE-2016-9855
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...
SUSE CVE-2016-9853
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...
WordPress plugin Advanced Order Export For WooCommerce 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2022-33180
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”...
phpMyAdmin Remote Code Execution
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTT...
CVE-2021-22741
Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA all versions, EcoStruxure Geo SCADA Expert 2019 all versions, and EcoStruxure Geo SCADA Expert 2020 V83.7742.1 and prior, which could cause the revealing of account credentials when server database file...
CVE-2021-24249
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as...
CVE-2021-24146
Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example...