Yii Cross-site Scripting Framework vulnerability
An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled...
GHSA-3F2C-JM6V-CR35 Django DNS Rebinding Vulnerability
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS...
GHSA-VWHV-J36G-5RM8 Cross-site Scripting in Apache Struts
When the Struts2 debug mode is turned on, under certain conditions an arbitrary script may be executed in the 'Problem Report' screen. Also if JSP files are exposed to be accessed directly it's possible to execute an arbitrary script. It is generally not advisable to have debug mode switched on...
GHSA-PWJQ-6WRH-5W8Q Withdrawn Advisory: OnionShare Predictable Pathname
Withdrawn Advisory: This advisory has been withdrawn because the advisory concerns the repository https://github.com/onionshare/onionshare, which is not in a supported ecosystem. onionshare-cli is not affected by this issue. Original Description: The debug_mode function in web/web.py in OnionShare...
GHSA-6456-XJM5-G3PG Cross-site scripting vulnerability exists in Jenkins and Stapler Plugin
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...
CVE-2022-28161
An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need t...
CVE-2022-28161
CVE-2022-28161 affects Brocade SANNav prior to 2.2.0. The vulnerability is an information exposure through log files (debug mode) that could allow an authenticated, local attacker to view sensitive data such as SSH passwords stored in filetansfer.log when debug is enabled. Exploitation requires v...
Broadcom Brocade SANnav log information disclosure vulnerability
Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A security vulnerability exists in Broadcom Brocade SANNav versions prior to 2.2.0, which can be exploited by an authenticated local attacker to view sensitive information in debug mode...
Glovo: Django debug enabled showing information about system, database, configuration files
Summary: Hi team, this subdomain pulpo.it.glovoint.com is a Django application running with debug mode turned on (DEBUG = True). One of the main features of debug mode is the display of detailed error pages to help developers. If your app raises an exception when DEBUG is True, Django will display...
Graphql-Threat-Matrix - GraphQL Threat Framework Used By Security Professionals To Research Security Gaps In GraphQL Implementations
Why graphql-threat-matrix? graphql-threat-matrix was built for bug bounty hunters, security researchers and hackers to assist with uncovering vulnerabilities across multiple GraphQL implementations. The differences in how GraphQL implementations interpret and conform to the GraphQL specification...
BSA-2022-1840
Security Advisory ID: BSA-2022-1840. Component: debug mode. Revision: 1.0. An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in...
WordPress WC REST Payment plugin <= 1.4.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WC REST Payment plugin versions <= 1.4.1. Solution: No patched version available...
WordPress Email Header Footer plugin <= 1.2.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Email Header Footer plugin versions <= 1.2.1. Solution: No patched version available...
WordPress Payment Page plugin <= 1.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Payment Page plugin versions <= 1.1. Solution: Update the WordPress Payment Page plugin to the latest available version, at least 1.1.1...