Lucene search

39 matches found

Positive Technologies
added 2024/07/27 12:0 a.m. · 6 views

PT-2024-37706 · WordPress · Admin Post Navigation

Name of the Vulnerable Software and Affected Versions: Admin Post Navigation plugin for WordPress versions up to and including 2.1 Description: The issue allows unauthenticated attackers to retrieve the full path of the web application, which can aid other attacks. This is due to the plugin...

CVSS 5.3 · AI score 6.6 · EPSS 0.00423
Exploits 0 · References 4
Positive Technologies
added 2024/07/27 12:0 a.m. · 4 views

PT-2024-37702 · WordPress · Admin Trim Interface

Name of the Vulnerable Software and Affected Versions: Admin Trim Interface plugin for WordPress versions up to, and including, 3.5.1 Description: The issue is related to Full Path Disclosure, which occurs because the plugin utilizes bootstrap and leaves test files with display errors on. This...

CVSS 5.3 · AI score 6.6 · EPSS 0.00373
Exploits 0 · References 5
Positive Technologies
added 2024/07/27 12:0 a.m. · 2 views

PT-2024-37704 · WordPress · Add Admin Css

Name of the Vulnerable Software and Affected Versions: Add Admin CSS plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to Full Path Disclosure, which occurs because the plugin uses bootstrap and leaves test files with display errors on. This allows...

CVSS 5.3 · AI score 6.6 · EPSS 0.00439
Exploits 0 · References 4
OSV
added 2024/07/24 7:15 a.m. · 2 views

CVE-2024-6553

The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.3. This is due to the plugin utilizing wpdesk and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · AI score 5.8 · EPSS 0.00373
Exploits 0 · References 2
NVD
added 2024/07/24 7:15 a.m. · 28 views

CVE-2024-6553

The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.3. This is due to the plugin utilizing wpdesk and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · EPSS 0.00373
Exploits 0 · References 2
Vulnrichment
added 2024/07/24 6:42 a.m. · 13 views

CVE-2024-6553 WP Meteor Website Speed Optimization Addon <= 3.4.3 - Unauthenticated Full Path Disclosure

The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.3. This is due to the plugin utilizing wpdesk and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · AI score 6.6 · EPSS 0.00373
Exploits 0 · References 2
Positive Technologies
added 2024/07/24 12:0 a.m. · 4 views

PT-2024-37710 · WordPress · Wp Meteor Website Speed Optimization Addon

Name of the Vulnerable Software and Affected Versions: WP Meteor Website Speed Optimization Addon plugin for WordPress versions up to, and including, 3.4.3 Description: The issue is related to Full Path Disclosure, which occurs because the plugin utilizes wpdesk and leaves test files with display...

CVSS 5.3 · AI score 6.7 · EPSS 0.00373
Exploits 0 · References 6
NVD
added 2024/07/16 9:15 a.m. · 29 views

CVE-2024-6565

The AForms — Form Builder for Price Calculator & Cost Estimation plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.6. This is due to the plugin utilizing the aura library and allowing direct access to the phpunit test files. This makes it possibl...

CVSS 5.3 · EPSS 0.00443
Exploits 0 · References 3
Positive Technologies
added 2024/07/16 12:0 a.m. · 3 views

PT-2024-37726 · WordPress · Glossary Plugin

Name of the Vulnerable Software and Affected Versions: Glossary plugin for WordPress versions up to, and including, 2.2.26 Description: The issue is due to the plugin utilizing wpdesk and not preventing direct access to the test files, along with display errors being enabled. This allows...

CVSS 5.3 · AI score 6.7 · EPSS 0.00453
Exploits 0 · References 7
The Hacker News
added 2024/04/12 2:55 p.m. · 42 views

Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files

"Test files" associated with the XZ Utils backdoor have made their way to a Rust crate known as liblzma-sys, new findings from Phylum reveal. liblzma-sys, which has been downloaded over 21,000 times to date, provides Rust developers with bindings to the liblzma implementation, an underlying libra...

AI score 8.4
Exploits 0
CNNVD
added 2021/11/17 12:0 a.m. · 7 views

Pterodactyl Cross-Site Request Forgery Vulnerability

Pterodactyl is an open source game server management panel built using PHP, Nodejs and Go. A cross-site request forgery vulnerability exists in Pterodactyl, which stems from the lack of proper CSRF protection in the product's routing configuration. An attacker could exploit the vulnerability to...

CVSS 4.3 · AI score 5.5 · EPSS 0.00379
Exploits 0 · References 3
OSV
added 2021/01/01 12:0 a.m. · 26 views

ASB-A-170240631

In ElementaryStreamQueue::dequeueAccessUnitH264 of ESQueue.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 7.1 · AI score 6.3 · EPSS 0.01098
Exploits 0 · References 2
Tenable Nessus
added 2020/04/02 12:0 a.m. · 258 views

openSUSE Security Update : ruby2.5 (openSUSE-2020-395)

This update for ruby2.5 to version 2.5.7 fixes the following issues: ruby 2.5 was updated to version 2.5.7 - CVE-2020-8130: Fixed a command injection in intree copy of rake bsc1164804. - CVE-2019-16255: Fixed a code injection vulnerability of Shell and Shelltest bsc1152990. - CVE-2019-16254: Fixed...

CVSS 8.1 · AI score 6.9 · EPSS 0.29726
Exploits 8 · References 14
OSV
added 2020/03/20 12:47 p.m. · 7 views

SUSE-SU-2020:0737-1 Recommended update for ruby2.5

This update for ruby2.5 to version 2.5.7 fixes the following issues: ruby 2.5 was updated to version 2.5.7 - CVE-2020-8130: Fixed a command injection in intree copy of rake bsc1164804. - CVE-2019-16255: Fixed a code injection vulnerability of Shell and Shelltest bsc1152990. - CVE-2019-16254: Fixed...

CVSS 8.1 · AI score 7.2 · EPSS 0.29726
Exploits 8 · References 15
CNVD
added 2018/03/19 12:0 a.m. · 6 views

Western Bridge Cobub Razor Physical Path Disclosure Vulnerability (CNVD-2018-07345)

Western Bridge Cobub Razor is an open source mobile application analytics system. The system can provide users with detailed multi-dimensional reports and monitor their mobile applications and applications user behavior statistics. A security vulnerability exists in Western Bridge Cobub Razor...

CVSS 5.3 · AI score 6.6 · EPSS 0.60586
Exploits 5 · References 1
ATTACKERKB
added 2018/03/18 6:29 a.m. · 6 views

CVE-2018-8770

Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php,...

CVSS 5.3 · AI score 5.4 · EPSS 0.60586
Exploits 5 · References 4
Oracle linux
added 2011/05/28 12:0 a.m. · 59 views

python security, bug fix, and enhancement update

python: 2.6.6-20 Resolves: CVE-2010-3493 2.6.6-19 Resolves: CVE-2011-1015 2.6.6-18 Resolves: CVE-2011-1521 2.6.6-17 - recompile against systemtap 1.4 Related: rhbz569695 2.6.6-16 - recompile against systemtap 1.4 Related: rhbz569695 2.6.6-15 - fix race condition that sometimes breaks the build wi...

CVSS 6.9 · AI score 7.3 · EPSS 0.14643
Exploits 3
OSV
added 2006/09/25 1:7 a.m. · 2 views

DEBIAN-CVE-2006-4976

The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php, and (7) adodb.inc.php; files ...

CVSS 5 · AI score 6.7 · EPSS 0.01403
Exploits 0 · References 1
securityvulns
added 2005/08/18 12:0 a.m. · 37 views

NOVL-2005010098073 GroupWise Password Caching

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 For Immediate Disclosure ============================== Summary ============================== Security Alert: NOVL-2005-10098073 Title: GroupWise Password Caching Date: 16-August-2005 Revision: Original Product Name: GroupWise 5.x, 6.x OS/Platforms:...

CVSS 5 · AI score 6.8 · EPSS 0.01974
Exploits 0