728 matches found
CVE-2021-33540
In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists...
Design/Logic Flaw
In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists...
CVE-2021-33540
The CVE affects Phoenix Contact AXL F BK and IL BK devices, where an undocumented password-protected FTP access to the root directory exists. The root cause is an insecure/undocumented FTP auth path, enabling access to the device’s root filesystem. The available data indicate a high-severity impa...
Phoenix Contact AXL F BK and IL BK Trust Management Issue Vulnerability
Phoenix Contact AXL F BK PN is a bus coupler from Phoenix Contact, Germany. A security vulnerability exists in the Phoenix Contact AXL F BK and IL BK that stems from the program having undocumented password-protected FTP access to the root directory...
CVS Health Records for 1.1 Billion Customers Exposed
More than 1 billion records for CVS Health customers were left in the database of a third-party, unnamed vendor – exposed, unprotected, online. Researchers said the data points revealed could be strung together to create an extremely personal snapshot of someone's medical situation. The glitch i...
Code injection
Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended that the Nextcloud Talk App is upgraded t...
Session Fixation in Nextcloud Talk
None...
[SECURITY] [DLA 2630-1] wordpress security update
Debian LTS Advisory DLA-2630-1 https://www.debian.org/lts/security/ Utkarsh Gupta April 21, 2021 https://wiki.debian.org/LTS ...
Privilege Escalation
WordPress is vulnerable to privilege escalation. An attacker with contributor privileges gets access to password-protected posts and pages via one of the blocks in the WordPress editor...
CVE-2021-29450
WordPress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases...
CVE-2021-29450
WordPress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases...
DEBIAN-CVE-2021-29450
WordPress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases...
CVE-2021-29450
WordPress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases...
CVE-2021-29450 WordPress Authenticated disclosure of password-protected posts and pages
WordPress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases...
CVE-2021-29450
WordPress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases...
WordPress 4.7-5.7 - Authenticated Password Protected Pages Exposure
Description The Latest Posts block in the WordPress editor can be exploited in a way that exposes password-protected posts and pages via the posts REST API when the "edit" context was used. This requires at least contributor privileges. 1. As one user, create a new password protected post. Ensure...
WordPress 4.7-5.7 - Authenticated Password Protected Pages Exposure
Description The Latest Posts block in the WordPress editor can be exploited in a way that exposes password-protected posts and pages via the posts REST API when the "edit" context was used. This requires at least contributor privileges. PoC 1. As one user, create a new password protected post...
WordPress Information Disclosure Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in WordPress CMS that originates from being used ...
PT-2021-4051 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.7.1 Description: The issue is related to the exposure of information in WordPress, a content management system. It involves the exploitation of a block in the WordPress editor, which can expose password-protected...
Important: unzip
Issue Overview: Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. CVE-2015-7697 Buffer overflow in the zishort function in zipinfo.c in Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a...