492 matches found
All Vulnerabilities for businessforhome.org Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: businessforhome.org. Open Bug...
CVE-2021-3039
An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log...
CVE-2021-3039
CVE-2021-3039 affects Palo Alto Networks Prisma Cloud Compute Console. The issue is an information exposure where a secret used to authorize the authenticated user’s role is logged to a debug log file, enabling an authenticated Operator or Auditor with log access to potentially elevate to Adminis...
Prisma Cloud Compute: User role authorization secret for Console leaked through log file export
An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log...
Couchbase Server security vulnerability
Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta, which stems from a fault...
CVE-2021-25645
An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log, and stats.log files. NOTE:...
JetBrains PhpStorm security vulnerability
JetBrains PhpStorm is an application from the Czech JetBrains company. It provides an application for writing code. A security vulnerability exists in JetBrains PhpStorm before 2020.3, which originates from code that can be added to the debug log...
EPA scan results are not getting displayed in ns.log when EPA policies are configured through N-Factor Authentication.
When EPA policies are configured through N-Factor Authentication, EPA scan results are not displayed in ns.log even though the Debug log level is enabled...
WordPress easy-wp-smtp plugin log message disclosure vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A log information disclosure vulnerability exists in the WordPress easy-wp-smtp plugin prior to...
Easy WP SMTP Plugin for WordPress < 1.4.3 Debug Log Disclosure
The WordPress Easy WP SMTP Plugin installed on the remote host is affected by a debug log file disclosure that could allow an unauthenticated user to reset the admin password. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...
CVE-2020-35234
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file such as debuglog.txt that contains all password-reset link...
VulnCheck KEV: CVE-2020-35234
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file such as debuglog.txt that contains all...
Easy WP SMTP < 1.4.3 - Debug Log Disclosure
The plugin has an optional debug log file, generated with a random name and located in the plugin folder, which contains all email messages sent. However, this folder does not have any index page, allowing access to the log file on servers with directory listing enabled or misconfigured. This coul...
ReQuest Serious Play F3 Media Server 7.0.3 - Debug Log Disclosure
Exploit Title: ReQuest Serious Play F3 Media Server 7.0.3 - Debug Log Disclosure Exploit Author: LiquidWorm Software Link: http://request.com/ Version: 3.0.0 ReQuest Serious Play F3 Media Server 7.0.3 Debug Log Disclosure Vendor: ReQuest Serious Play LLC Product web page: http://www.request.com...
ReQuest Serious Play F3 Media Server 7.0.3 Debug Log Disclosure
ReQuest Serious Play F3 Media Server 7.0.3 Debug Log Disclosure Vendor: ReQuest Serious Play LLC Product web page: http://www.request.com Affected version: 7.0.3.4968 Pro 7.0.2.4954 6.5.2.4954 6.4.2.4681 6.3.2.4203 2.0.1.823 Summary: F3 packs all the power of ReQuest's multi-zone serious Play...
ReQuest Serious Play F3 Media Server 7.0.3 Debug Log Disclosure
Summary F3 packs all the power of ReQuest's multi-zone serious Play servers into a compact powerhouse. With the ability to add unlimited NAS devices, the F3 can handle your entire family's media collection with ease. Description The unprotected web management server is vulnerable to sensitive...
CVE-2020-13881
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used...
CVE-2019-10213
OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator b...