492 matches found
Nextcloud: Exposing debug.log file leads to server full path disclosure
The debug.log file on the nextcloud.com website was publicly accessible and contained sensitive information, including the server's full directory path. This type of information disclosure could have assisted attackers in understanding the internal structure of the server...
Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress
Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 (CVSS score: 7.5), impacts versions before and includin...
Exploit for Insufficiently Protected Credentials in Litespeedtech Litespeed_Cache
PoC LiteSpeed Cache CVE-2024-44000 Exploit. CVE-2024-44000 is a...
CVE-2024-20440
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected...
CVE-2024-20440
CVE-2024-20440 affects Cisco Smart Licensing Utility (CSLU). An unauthenticated, remote attacker can access sensitive information due to excessive verbosity in a debug log file. Exploitation involves sending a crafted HTTP request to an affected device, potentially exposing log files containing c...
PT-2024-5914 · Cisco · Cisco Smart License Utility
Name of the Vulnerable Software and Affected Versions: Cisco Smart Licensing Utility (affected versions not specified). Description: A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessiv...
Elasticsearch Insertion of Sensitive Information into Log File
An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by removing this excessi...
Toshiba e-STUDIO Security Vulnerability
Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba Japan. A security vulnerability exists in Toshiba e-STUDIO that stems from critical information being contained in debug log files, which could be stolen by a third party with access to the multifunction device...
Debug Log Manager < 2.3.2 - Missing Authorization
Description: The Debug Log Manager plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the getlatestentries and disablewpfileeditor functions in versions up to, and including, 2.3.1. This makes it possible for authenticated...
CVE-2024-35669
Missing Authorization vulnerability in Bowo Debug Log Manager. This issue affects Debug Log Manager: from n/a through 2.3.1...
CVE-2024-35669 WordPress Debug Log Manager plugin <= 2.3.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Bowo Debug Log Manager. This issue affects Debug Log Manager: from n/a through 2.3.1...
CVE-2024-35669
CVE-2024-35669 is a Missing Authorization flaw in the WordPress plugin Debug Log Manager, affecting versions up to 2.3.1. The CVSSv3.1 base score is 8.8 (High). The connected Wordfence entry shows the vulnerability patch as Patched (no exploitation details provided). Monitor for updates and verif...
PT-2024-26616 · Unknown · Bowo Debug Log Manager
Name of the Vulnerable Software and Affected Versions: Bowo Debug Log Manager versions 2.3.1 and earlier. Description: The issue is related to a Missing Authorization vulnerability in the Bowo Debug Log Manager. This vulnerability exposes unprotected logs. Recommendations: For versions 2.3.1 and...
WordPress plugin Debug Log Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-36843 · WordPress · Cf7 Google Sheets Connector
Name of the Vulnerable Software and Affected Versions: CF7 Google Sheets Connector plugin for WordPress versions up to, and including, 5.0.9. Description: The issue is related to a missing capability check on the execute post data cg7 free function, allowing unauthenticated attackers to modify dat...
WordPress Debug Log Manager plugin <= 2.3.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin Debug Log Manager versions <= 2.3.1...
CVE-2024-34798
Insertion of Sensitive Information into Log File vulnerability in Lukman Nakib Debug Log – Manger Tool. This issue affects Debug Log – Manger Tool: from n/a through 1.4.5...
CVE-2024-34798 WordPress Debug Log – Manger Tool plugin <= 1.4.5 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information into Log File vulnerability in Lukman Nakib Debug Log – Manger Tool. This issue affects Debug Log – Manger Tool: from n/a through 1.4.5...