30 matches found
GHSA-PRG5-HG25-8GRQ Ability to switch channels via GET parameter enabled in production environments
Impact This vulnerability gives the ability to switch channels via the channelcode GET parameter in production environments. This was meant to be enabled only when %kernel.debug% is set to true. However, if no syliuschannel.debug is set explicitly in the configuration, the default value which is...
CVE-2020-5218
Affected versions of Sylius give attackers the ability to switch channels via the channelcode GET parameter in production environments. This was meant to be enabled only when kernel.debug is set to true. However, if no syliuschannel.debug is set explicitly in the configuration, the default value...
Information disclosure
In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Androi...
FreeBSD : dokuwiki -- multiple vulnerabilities (fcba5764-506a-11db-a5ae-00508d6a62df)
Secunia reports : rgod has discovered a vulnerability in DokuWiki, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the 'TARGETFN' parameter in bin/dwpage.php is not properly sanitised before being used to copy files. This can be exploited via director...
CVE-2006-4679
DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug"...
CVE-2006-4679
DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug"...
CVE-2006-4679
DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug"...
CVE-2006-4679
DokuWiki prior to 2006-03-09c is vulnerable: it enables the debug feature by default, allowing remote attackers to obtain sensitive information via doku.php when the X-DOKUWIKI-DO header is set to "debug". The issue is confirmed across multiple sources (NVD/OpenVAS/Gentoo GLSA). A remediation bar...
CVE-2006-4679
DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug"...
dokuwiki -- multiple vulnerabilities
Secunia reports: rgod has discovered a vulnerability in DokuWiki, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "TARGETFN" parameter in bin/dwpage.php is not properly sanitised before being used to copy files. This can be exploited via directory...