
1177 matches found

Positive Technologies
added 2024/08/20 12:0 a.m. · 2 views

PT-2024-30538 · Umbraco · Umbraco

Name of the Vulnerable Software and Affected Versions: Umbraco versions prior to 14.1.2
Description: The issue concerns Umbraco, an ASP.NET CMS, where some endpoints in the Management API can return stack trace information even when Umbraco is not in debug mode. This can occur, for example, when...

CVSS 5.3 · AI score 6.9 · EPSS 0.00494
Exploits: 0 · References: 10

GithubExploit
added 2024/07/30 6:13 a.m. · 985 views

Exploit for Race Condition in Openbsd Openssh

CVE-2024-6387 regreSSHion Proof of concept python script for...

CVSS 8.1 · AI score 8.5 · EPSS 0.63835
Exploits: 68

GithubExploit
added 2024/07/30 6:13 a.m. · 1204 views

Exploit for Race Condition in Openbsd Openssh

CVE-2024-6387 regreSSHion Proof of concept python script for...

CVSS 8.1 · AI score 8.5 · EPSS 0.63835
Exploits: 68

OSV
added 2024/07/01 11:18 a.m. · 11 views

BIT-HUBBLE-UI-BACKEND-2023-29002

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...

CVSS 7.2 · AI score 6.1 · EPSS 0.00071
Exploits: 0 · References: 1

OSV
added 2024/07/01 11:18 a.m. · 10 views

BIT-HUBBLE-UI-2023-29002

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...

CVSS 7.2 · AI score 6.1 · EPSS 0.00071
Exploits: 0 · References: 1

OSV
added 2024/07/01 11:13 a.m. · 13 views

BIT-CILIUM-PROXY-2023-29002

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...

CVSS 7.2 · AI score 6.1 · EPSS 0.00071
Exploits: 0 · References: 1

Cvelist
added 2024/06/11 7:23 a.m. · 13 views

CVE-2020-11843 Potential information leakage in administrator enabled debug mode

This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before...

CVSS 6.5 · EPSS 0.00377
Exploits: 0 · References: 2

Tenable Nessus
added 2024/06/05 12:0 a.m. · 8 views

Concrete CMS Debug Mode Enabled

Concrete CMS installed on the remote host is configured to operate in debug mode. While this environment can help speed up development of web applications, it can leak information about the underlying web applications. No source data...

AI score 7
Exploits: 0 · References: 1

OSV
added 2024/06/04 9:45 a.m. · 9 views

BIT-HUBBLE-2023-29002

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...

CVSS 7.2 · AI score 6.1 · EPSS 0.00071
Exploits: 0 · References: 1

OSV
added 2024/06/02 10:27 p.m. · 11 views

GHSA-QG5R-95M4-MJGJ Reflected Cross-site Scripting in yiisoft/yii2 Debug mode

During the internal penetration testing of our product based on Yii2, we discovered an XSS vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 2.0.49.3. Conditions for vulnerability reproduction: The framework is in debug mode, YII_DEBUG set to true. The...

CVSS 4.2 · AI score 4.6 · EPSS 0.03985
Exploits: 0 · References: 7

Github Security Blog
added 2024/06/02 10:27 p.m. · 25 views

Reflected Cross-site Scripting in yiisoft/yii2 Debug mode

During the internal penetration testing of our product based on Yii2, we discovered an XSS vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 2.0.49.3. Conditions for vulnerability reproduction: The framework is in debug mode, YII_DEBUG set to true. The...

CVSS 4.7 · AI score 6.1 · EPSS 0.03985
Exploits: 0 · References: 7 · Affected Software: 1

Cvelist
added 2024/05/30 7:52 p.m. · 23 views

CVE-2024-32877 Reflected Cross-site Scripting in yiisoft/yii2 Debug mode

Yii 2 is a PHP application framework. During internal penetration testing of a product based on Yii2, users discovered a Cross-site Scripting (XSS) vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 2.0.49.3. This issue lies in the mechanism for...

CVSS 4.2 · AI score 4.5 · EPSS 0.03985
Exploits: 0 · References: 2

Vulnrichment
added 2024/05/30 7:52 p.m. · 20 views

CVE-2024-32877 Reflected Cross-site Scripting in yiisoft/yii2 Debug mode

Yii 2 is a PHP application framework. During internal penetration testing of a product based on Yii2, users discovered a Cross-site Scripting (XSS) vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 2.0.49.3. This issue lies in the mechanism for...

CVSS 4.2 · AI score 6.1 · EPSS 0.03985
Exploits: 0 · References: 2

OSV
added 2024/05/24 7:23 p.m. · 14 views

BIT-HUBBLE-RELAY-2023-29002 Debug mode leaks confidential data in Cilium

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...

CVSS 7.2 · AI score 6.1 · EPSS 0.00071
Exploits: 0 · References: 2

OSV
added 2024/05/15 12:7 p.m. · 18 views

BIT-CILIUM-2023-29002 Debug mode leaks confidential data in Cilium

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...

CVSS 7.2 · AI score 6.1 · EPSS 0.00071
Exploits: 0 · References: 2

OSV
added 2024/05/15 12:7 p.m. · 14 views

BIT-CILIUM-OPERATOR-2023-29002 Debug mode leaks confidential data in Cilium

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...

CVSS 7.2 · AI score 6.1 · EPSS 0.00071
Exploits: 0 · References: 2

Tenable Nessus
added 2024/05/11 12:0 a.m. · 48 views

RHEL 7 : docker (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
- docker: IPv6 router advertisements allow for MitM attacks (CVE-2020-13401)
- docker: cli leaks private...

AI score 7.4 · EPSS 0.04691
Exploits: 1 · References: 7

SUSE CVE
added 2024/05/03 2:9 a.m. · 1 views

SUSE CVE-2024-27067

In the Linux kernel, the following vulnerability has been resolved: xen/evtchn: avoid WARN when unbinding an event channel. When unbinding a user event channel, the related handler might be called a last time in case the kernel was built with CONFIG_DEBUG_SHIRQ. This might cause a WARN in the handle...

CVSS 5.5 · AI score 6.5 · EPSS 0.00018
Exploits: 0 · References: 13

Tenable Nessus
added 2024/04/29 12:0 a.m. · 23 views

Facade Ignition < 1.16.14 / 2.x < 2.4.2 / 2.5.x < 2.5.2 RCE

The version of Facade Ignition installed on the remote host is prior to 1.16.14, or 2.x prior to 2.4.2, or 2.5.x prior to 2.5.2. It is, therefore, affected by a remote code execution vulnerability. Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attacke...

CVSS 9.8 · AI score 9.2 · EPSS 0.94287
Exploits: 36 · References: 2

WPVulnDB
added 2024/04/24 12:0 a.m. · 17 views

WP 404 Auto Redirect to Similar Post < 1.0.5 - Reflected Cross-Site Scripting via Debug Mode URI

Description The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URI in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS 7.1 · AI score 6.5 · EPSS 0.00305
Exploits: 0 · References: 1 · Affected Software: 1