GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability
The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program known as PrCtrl Rat that's capable of remotely commandeering the infected hosts. The attacks involve th...
Debug Log Manager < 2.2.2 - Subscriber+ Debug Log Clearing
Description: The plugin does not have authorisation when clearing debug logs, allowing any authenticated user, such as a subscriber, to perform such action...
ProfilePress < 4.13.3 - Information Disclosure via Debug Log
Description: The ProfilePress plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.13.2 via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system error...
EWWW Image Optimizer < 7.2.1 - Unauthenticated Sensitive Information Exposure via Debug Log
Description: The EWWW Image Optimizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.0 via the debuglog function. This makes it possible for unauthenticated attackers to extract sensitive debug data when debug logging is enabled...
WordPress Debug Log Manager Plugin <= 2.3.0 is vulnerable to Sensitive Data Exposure
Software: Debug Log Manager; Type: Plugin; Vulnerable versions: <= 2.3.0; Fixed in: 2.3.1; OWASP Top 10: A9: Security Logging and Monitoring Failures; Classification: Sensitive Data Exposure; CVE: CVE-2023-6136; Patch priority: Low; CVSS severity: Low (5.3); PSID: 1d071b872ee6; Credits: Joshua...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Ewww Image_Optimizer
CVE-2023-40600 EWWW Image Optimizer <= 7.2.0 - Unauthentica...
Design/Logic Flaw
An insertion of sensitive information into log file vulnerability CWE-532 in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, versi...
CVE-2023-45585
An insertion of sensitive information into log file vulnerability CWE-532 in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, versi...
CVE-2023-45875
An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster...
PYSEC-2023-235
An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster...
Couchbase Server Security Vulnerability
Couchbase Server is a distributed open-source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text search and active global replication. A security vulnerability exists in Couchbase Server version 7.2.0, which stems from a private key leak in debug.log...
PT-2023-29738 · Couchbase · Couchbase Server
Name of the Vulnerable Software and Affected Versions: Couchbase Server version 7.2.0 Description: An issue was discovered in Couchbase Server where there is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster. Recommendations: For Couchbase Server version 7.2.0, consider...
CVE-2023-45875
CVE-2023-45875 affects Couchbase Server 7.2.0, where a private key leak can occur in debug.log when adding a pre-7.0 node to a 7.2 cluster. The available connected sources describe the issue and its context but do not provide a specific remediation or patched version within the documents. Practic...
Information Disclosure
Apache Santuario - XML Security is vulnerable to Information Disclosure. The vulnerability is due to a key exposed as a part of debug log when debug level is enabled. This can lead to Information Disclosure if an attacker has access to the logs...
CVE-2023-44483 Apache Santuario: Private Key disclosure in debug-log output
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...
CVE-2023-5028
A vulnerability, which was classified as problematic, has been found in China Unicom TEWA-800G 4.16L.04CT2015Yueme. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through debug log file. It is possible to launch the attack on the physical...