4568 matches found
CVE-2024-7870
The PixelYourSite – Your smart PIXEL TAG & API Manager and the PixelYourSite PRO plugins for WordPress are vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.7.1 and 10.4.2, respectively, through publicly exposed log files. This makes it possible for...
PT-2024-6177 · Unknown +4 · Clam Antivirus +4
Name of the Vulnerable Software and Affected Versions: Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions Description: The vulnerability is due to allowing th...
PT-2024-38647 · WordPress · Pixelyoursite Pro +1
Name of the Vulnerable Software and Affected Versions: PixelYourSite – Your smart PIXEL TAG & API Manager versions up to and including 9.7.1; PixelYourSite PRO versions up to and including 10.4.2. Description: The vulnerability allows unauthenticated attackers to view potentially sensitive...
ROS-20240902-12
The vulnerability in the retryablehttp package is related to URLs not being sanitized when they are written to its log file. Exploitation of the vulnerability could allow an attacker to obtain sensitive credentials (HTTP basic authentication credentials)...
ROS-20240902-16
The vulnerability in the retryablehttp package is related to URLs not being sanitized when they are written to its log file. Exploitation of the vulnerability could allow an attacker to obtain sensitive credentials (HTTP basic authentication credentials). A vulnerability in the net/http module o...
Symantec Messaging Gateway 9.5 Log File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Symantec Messaging Gateway 9.5 Log File Download Vulnerability', 'Description' = %q This module will download a file of your choice against...
Apache Flink JobManager Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Flink JobManager Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in Apache Flink...
WordPress plugin AI Engine security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
SUSE CVE-2024-22123
Setting SMS media allows setting a GSM modem file. Later this file is used as a Linux device. But because everything is a file in Linux, it is possible to set another file, e.g. a log file, and zabbixserver will try to communicate with it as a modem. As a result, the log file will be broken with AT commands and...
CVE-2024-38196
Windows Common Log File System Driver Elevation of Privilege Vulnerability...
CVE-2024-38196
CVE-2024-38196 is tied to the Windows Common Log File System Driver and is described as an Elevation of Privilege (local) vulnerability. The CVE is listed with a CVSSv3.1 base score of 7.8 (HIGH) and a local attack vector with low attack complexity, requiring low privileges and no user interactio...
CVE-2024-38196 Windows Common Log File System Driver Elevation of Privilege Vulnerability
...
CVE-2024-38747 WordPress HitPay Payment Gateway for WooCommerce plugin <= 4.1.3 - Sensitive Data Exposure via Log File vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects HitPay Payment Gateway for WooCommerce: from n/a through 4.1.3...
go-retryablehttp: url might write sensitive information to log file
A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...
Windows Common Log File System Driver Elevation of Privilege Vulnerability
...
Microsoft Windows Common Log File System Driver input validation error vulnerability
The Microsoft Windows Common Log File System Driver is a Microsoft Corporation Common Log File System (CLFS) API that provides a high-performance, common log file subsystem that can be used by dedicated client applications and shared by multiple clients to optimize logging and access. An...
PT-2024-5711
Name of the Vulnerable Software and Affected Versions Windows Common Log File System Driver versions prior to 10.0.10240.20751 Windows 10 versions 10.0.14393.7259 Windows 10 versions 10.0.17763.6189 Windows 10 versions 10.0.19044.4780 Windows 10 versions 10.0.19045.4780 Description This issue is ...
PT-2024-7410 · Siemens · Scalance Mum856-1 +13
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM RM1224 LTE4G EU versions V8.1 RUGGEDCOM RM1224 LTE4G NAM versions V8.1 SCALANCE M804PB versions V8.1 SCALANCE M812-1 ADSL-Router family versions V8.1 SCALANCE M816-1 ADSL-Router family versions V8.1 SCALANCE M826-2 SHDSL-Router...