CVE-2024-37925 WordPress BuddyBoss Theme theme <= 2.4.61 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in BUDDYBOSS LLC BuddyBoss Theme allows Cross Site Request Forgery.This issue affects BuddyBoss Theme: from n/a through 2.4.61...

WordPress plugin BuddyBoss Theme 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site request forge...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2769)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-39884 affecting package httpd for versions less than 2.4.61-1

CVE-2024-39884 affecting package httpd for versions less than 2.4.61-1. An upgraded version of the package is available that resolves this issue...

Important: httpd

Issue Overview: Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

CVE-2024-38473 affecting package httpd for versions less than 2.4.61-1

CVE-2024-38473 affecting package httpd for versions less than 2.4.61-1. An upgraded version of the package is available that resolves this issue...

WordPress BuddyBoss Theme theme <= 2.4.61 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dave Jong Patchstack in WordPress Theme BuddyBoss Theme versions = 2.4.61...

WordPress BuddyBoss Theme Theme <= 2.4.61 is vulnerable to Cross Site Request Forgery (CSRF)

Software BuddyBoss Theme Type Theme Vulnerable versions = 2.4.61 Fixed in 2.5.01 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37925 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 1439d00bd43a Credits Dave Jong Patchsta...

PT-2024-5185 · Apache +6 · Apache Http Server +6

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.61 Description: The issue is related to the core of Apache HTTP Server, where a partial fix ignores some use of the legacy content-type based configuration of handlers. This can result in source code disclosure...

CVE-2024-39884

A flaw was found in httpd. The fix for CVE-2024-38476 ignores some uses of the legacy content-type based configuration of handlers. "AddType" and similar configurations, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...

AZL-43174 CVE-2024-39884 affecting package httpd for versions less than 2.4.61-1

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...

CVE-2024-39884

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...

CVE-2024-39884

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...

CVE-2024-39884

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...

CVE-2024-39884 Apache HTTP Server: source code disclosure with handlers configured via AddType

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...

Apache 2.4.x < 2.4.61

The version of Apache httpd installed on the remote host is prior to 2.4.61. It is, therefore, affected by a vulnerability as referenced in the 2.4.61 advisory. - Apache HTTP Server: source code disclosure with handlers configured via AddType: A regression in the core of Apache HTTP Server 2.4.60...