4568 matches found

WPVulnDB
added 2024/01/05 12:0 a.m. · 19 views

FastDup < 2.1.8 - Sensitive Information Exposure via Log File

Description: The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.7 via the plugin's log file. This makes it possible for unauthenticated attackers to extract sensitive data including...

7.5 CVSS · 6.9 AI score · 0.0048 EPSS
Exploits 0 · References 1 · Affected Software 1
WPVulnDB
added 2024/01/05 12:0 a.m. · 26 views

Uncanny Automator < 5.1.0.3 - Sensitive Information Exposure via Log File

Description: The Uncanny Automator – Automate everything with the 1 no-code automation and integration plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0.2 via the plugin's log file. This makes it possible for unauthenticated...

5.3 CVSS · 6.9 AI score · 0.00444 EPSS
Exploits 0 · References 1 · Affected Software 1
WPVulnDB
added 2024/01/05 12:0 a.m. · 12 views

Defender Security < 4.2.0 - Sensitive Information Exposure via Log File

Description: The Defender Security – Malware Scanner, Login Security & Firewall plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.1.0 via the plugin's log file. This makes it possible for unauthenticated attackers to extract sensitive data...

7.5 CVSS · 6.9 AI score · 0.0048 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/01/01 12:0 a.m. · 4 views

PT-2024-1258 · Qualcomm +1 · Qualcomm Wi-Fi Son Ldb Service +1

Name of the Vulnerable Software and Affected Versions: Synology RT6600ax, affected versions not specified. Description: The issue exists due to insufficient input validation in the Qualcomm Wi-Fi SON LDB Service, which can lead to memory corruption while redirecting log files to any location with a...

9.8 CVSS · 7.9 AI score · 0.00663 EPSS
Exploits 0 · References 9
Japan Vulnerability Notes
added 2023/12/26 12:27 a.m. · 3 views

Brother iPrint&Scan Desktop for Windows vulnerable to improper link resolution before file access

Overview: iPrint Desktop for Windows provided by Brother Industries, Ltd. outputs logs to a certain log file. The affected version of the product does not check whether the log file is a normal file or a symbolic link to a certain file (CWE-59). Chris Au reported this vulnerability to Brother...

6.5 CVSS · 6.5 AI score · 0.00186 EPSS
Exploits 0 · References 5
OSV
added 2023/12/21 9:15 p.m. · 3 views

CVE-2023-6802

An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a...

6.5 CVSS · 5.8 AI score · 0.00719 EPSS
Exploits 1 · References 4
NVD
added 2023/12/21 9:15 p.m. · 20 views

CVE-2023-6746

An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an adversary in the middle attack when combined with other phishing techniques. To exploit this, an attacker would need access to the...

8.1 CVSS · 0.0051 EPSS
Exploits 0 · References 5
NVD
added 2023/12/21 9:15 p.m. · 34 views

CVE-2023-6802

An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a...

7.2 CVSS · 0.00719 EPSS
Exploits 1 · References 4
Prion
added 2023/12/21 9:15 p.m. · 13 views

Design/Logic Flaw

An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an adversary in the middle attack when combined with other phishing techniques. To exploit this, an attacker would need access to the...

3.2 CVSS · 6.7 AI score · 0.0051 EPSS
Exploits 0 · References 5 · Affected Software 1
CVE
added 2023/12/21 8:45 p.m. · 56 views

CVE-2023-6802

CVE-2023-6802 describes an information-in-logs vulnerability in GitHub Enterprise Server where sensitive data could be inserted into the audit log, potentially allowing access to the management console. Affected product: GitHub Enterprise Server (all versions since 3.8). Root cause: insertion of ...

7.2 CVSS · 6.7 AI score · 0.00719 EPSS
Exploits 1 · References 4 · Affected Software 1
Vulnrichment
added 2023/12/21 8:45 p.m. · 22 views

CVE-2023-6802 Sensitive Information in Log File in GitHub Enterprise Server

An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a...

7.2 CVSS · 7 AI score · 0.00719 EPSS
Exploits 1 · References 4
Cvelist
added 2023/12/21 8:45 p.m. · 43 views

CVE-2023-6802 Sensitive Information in Log File in GitHub Enterprise Server

An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a...

7.2 CVSS · 7.3 AI score · 0.00719 EPSS
Exploits 1 · References 4
Cvelist
added 2023/12/21 8:45 p.m. · 25 views

CVE-2023-6746 Sensitive Information in Log File in GitHub Enterprise Server

An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an adversary in the middle attack when combined with other phishing techniques. To exploit this, an attacker would need access to the...

8.1 CVSS · 8.1 AI score · 0.0051 EPSS
Exploits 0 · References 5
Vulnrichment
added 2023/12/21 8:45 p.m. · 6 views

CVE-2023-6746 Sensitive Information in Log File in GitHub Enterprise Server

An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an adversary in the middle attack when combined with other phishing techniques. To exploit this, an attacker would need access to the...

8.1 CVSS · 7.9 AI score · 0.0051 EPSS
Exploits 0 · References 5
CVE
added 2023/12/21 8:45 p.m. · 50 views

CVE-2023-6746

CVE-2023-6746 affects GitHub Enterprise Server back-end logging: an insertion of sensitive information into log files could enable a man-in-the-middle-like scenario when combined with phishing, if an attacker can access log files, backups, or streamed logs. Affected versions include all releases ...

8.1 CVSS · 5.4 AI score · 0.0051 EPSS
Exploits 0 · References 5 · Affected Software 1
Securelist
added 2023/12/21 10:0 a.m. · 50 views

Windows CLFS and five exploits used by ransomware operators (Exploit #4 – CVE-2023-23376)

This is part five of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Please read the previous parts first if you haven't already. You can skip to the other parts using this table of...

4.6 CVSS · 8 AI score · 0.48973 EPSS
Exploits 12
Securelist
added 2023/12/21 10:0 a.m. · 65 views

Windows CLFS and five exploits used by ransomware operators

In April 2023, we published a blog post about a zero-day exploit we discovered in ransomware attacks that was patched as CVE-2023-28252 after we promptly reported it to Microsoft. In that blog post, we mentioned that the zero-day exploit we discovered was very similar to other Microsoft Windows...

7.2 CVSS · 7.5 AI score · 0.48973 EPSS
Exploits 14
Securelist
added 2023/12/21 10:0 a.m. · 63 views

Windows CLFS and five exploits used by ransomware operators (Exploit #5 – CVE-2023-28252)

This is part six of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Please read the previous parts first if you haven't already. You can go to other parts using this table of...

4.6 CVSS · 8.4 AI score · 0.48973 EPSS
Exploits 12
Positive Technologies
added 2023/12/21 12:0 a.m. · 4 views

PT-2023-32755 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.7.19; GitHub Enterprise Server versions prior to 3.8.12; GitHub Enterprise Server versions prior to 3.9.7; GitHub Enterprise Server versions prior to 3.10.4; GitHub Enterprise Server versions prior to...

8.1 CVSS · 6.8 AI score · 0.0051 EPSS
Exploits 0 · References 10
OSV
added 2023/12/18 9:15 a.m. · 3 views

CVE-2023-41314

The api /api/snapshot and /api/getlogfile would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues...

8.2 CVSS · 5.9 AI score · 0.00898 EPSS
Exploits 0 · References 1