1179 matches found

CNNVD
added 2024/08/20 12:0 a.m. · 3 views

Umbraco security vulnerability

Umbraco is an open source content management system (CMS) written in C# by the Danish company Umbraco. A security vulnerability exists in Umbraco versions prior to 14.1.2, which stems from the fact that certain endpoints in the management API can return stack trace information even if Umbraco is not...

5.3 CVSS · 6.2 AI score · 0.00363 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/08/20 12:0 a.m. · 3 views

PT-2024-30538 · Umbraco · Umbraco

Name of the Vulnerable Software and Affected Versions: Umbraco versions prior to 14.1.2
Description: The issue concerns Umbraco, an ASP.NET CMS, where some endpoints in the Management API can return stack trace information even when Umbraco is not in debug mode. This can occur, for example, when...

5.3 CVSS · 6.9 AI score · 0.00363 EPSS
Exploits 0 · References 10
GithubExploit
added 2024/07/30 6:13 a.m. · 1004 views

Exploit for Race Condition in Openbsd Openssh

CVE-2024-6387 regreSSHion Proof of concept python script for...

8.1 CVSS · 8.5 AI score · 0.99506 EPSS
Exploits 68
GithubExploit
added 2024/07/30 6:13 a.m. · 1237 views

Exploit for Race Condition in Openbsd Openssh

CVE-2024-6387 regreSSHion Proof of concept python script for...

8.1 CVSS · 8.5 AI score · 0.99506 EPSS
Exploits 68
OSV
added 2024/07/01 11:18 a.m. · 11 views

BIT-HUBBLE-UI-BACKEND-2023-29002

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...

7.2 CVSS · 6.1 AI score · 0.00197 EPSS
Exploits 0 · References 1
OSV
added 2024/07/01 11:18 a.m. · 10 views

BIT-HUBBLE-UI-2023-29002

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...

7.2 CVSS · 6.1 AI score · 0.00197 EPSS
Exploits 0 · References 1
OSV
added 2024/07/01 11:13 a.m. · 14 views

BIT-CILIUM-PROXY-2023-29002

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...

7.2 CVSS · 6.1 AI score · 0.00197 EPSS
Exploits 0 · References 1
Cvelist
added 2024/06/11 7:23 a.m. · 14 views

CVE-2020-11843 Potential information leakage in administrator enabled debug mode

This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before...

6.5 CVSS · 0.00484 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2024/06/05 12:0 a.m. · 9 views

Concrete CMS Debug Mode Enabled

Concrete CMS installed on the remote host is configured to operate in debug mode. While this environment can help speed up development of web applications, it can leak information about the underlying web applications. No source data...

7 AI score
Exploits 0 · References 1
BDU FSTEC
added 2024/06/05 12:0 a.m. · 2 views

A vulnerability in the Debug Mode of the PHP framework Yii allows attackers to perform cross-site scripting attacks.

The vulnerability in the Debug Mode of the Yii PHP framework lies in the lack of protection for the structure of web pages, due to incorrect handling of function arguments during stack tracing. Exploiting this vulnerability allows an attacker to perform cross-site scripting attacks remotely...

4.2 CVSS · 5.2 AI score · 0.00347 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2024/06/04 9:45 a.m. · 9 views

BIT-HUBBLE-2023-29002

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...

7.2 CVSS · 6.1 AI score · 0.00197 EPSS
Exploits 0 · References 1
OSV
added 2024/06/02 10:27 p.m. · 11 views

GHSA-QG5R-95M4-MJGJ Reflected Cross-site Scripting in yiisoft/yii2 Debug mode

During the internal penetration testing of our product based on Yii2, we discovered an XSS vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 (2.0.49.3). Conditions for vulnerability reproduction: the framework is in debug mode (YII_DEBUG set to true). The...

4.2 CVSS · 4.6 AI score · 0.00347 EPSS
Exploits 0 · References 7
Github Security Blog
added 2024/06/02 10:27 p.m. · 25 views

Reflected Cross-site Scripting in yiisoft/yii2 Debug mode

During the internal penetration testing of our product based on Yii2, we discovered an XSS vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 (2.0.49.3). Conditions for vulnerability reproduction: the framework is in debug mode (YII_DEBUG set to true). The...

4.7 CVSS · 6.1 AI score · 0.00347 EPSS
Exploits 0 · References 7 · Affected Software 1
Vulnrichment
added 2024/05/30 7:52 p.m. · 20 views

CVE-2024-32877 Reflected Cross-site Scripting in yiisoft/yii2 Debug mode

Yii 2 is a PHP application framework. During internal penetration testing of a product based on Yii2, users discovered a Cross-site Scripting (XSS) vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 (2.0.49.3). This issue lies in the mechanism for...

4.2 CVSS · 6.1 AI score · 0.00347 EPSS
Exploits 0 · References 2
Cvelist
added 2024/05/30 7:52 p.m. · 26 views

CVE-2024-32877 Reflected Cross-site Scripting in yiisoft/yii2 Debug mode

Yii 2 is a PHP application framework. During internal penetration testing of a product based on Yii2, users discovered a Cross-site Scripting (XSS) vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 (2.0.49.3). This issue lies in the mechanism for...

4.2 CVSS · 4.5 AI score · 0.00347 EPSS
Exploits 0 · References 2
OSV
added 2024/05/24 7:23 p.m. · 14 views

BIT-HUBBLE-RELAY-2023-29002 Debug mode leaks confidential data in Cilium

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...

7.2 CVSS · 6.1 AI score · 0.00197 EPSS
Exploits 0 · References 2
OSV
added 2024/05/15 12:7 p.m. · 18 views

BIT-CILIUM-2023-29002 Debug mode leaks confidential data in Cilium

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...

7.2 CVSS · 6.1 AI score · 0.00197 EPSS
Exploits 0 · References 2
OSV
added 2024/05/15 12:7 p.m. · 15 views

BIT-CILIUM-OPERATOR-2023-29002 Debug mode leaks confidential data in Cilium

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...

7.2 CVSS · 6.1 AI score · 0.00197 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2024/05/11 12:0 a.m. · 50 views

RHEL 7 : docker (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
- docker: IPv6 router advertisements allow for MitM attacks (CVE-2020-13401)
- docker: cli leaks private...

7.4 AI score · 0.03653 EPSS
Exploits 1 · References 7
SUSE CVE
added 2024/05/03 2:9 a.m. · 1 views

SUSE CVE-2024-27067

In the Linux kernel, the following vulnerability has been resolved: xen/evtchn: avoid WARN when unbinding an event channel. When unbinding a user event channel, the related handler might be called a last time in case the kernel was built with CONFIG_DEBUG_SHIRQ. This might cause a WARN in the handle...

5.5 CVSS · 6.5 AI score · 0.00222 EPSS
Exploits 0 · References 13