1177 matches found
WordPress Guest Author Affiliate plugin <= 1.1.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Guest Author Affiliate plugin versions = 1.1.4. Solution Update the WordPress Guest Author Affiliate plugin to the latest available version at least 1.1.5...
WordPress GloriousThemes Starter Sites plugin <= 1.0.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress GloriousThemes Starter Sites plugin versions = 1.0.1. Solution No patched version available...
WordPress Elementor Addon Elements plugin < 1.11.14 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Elementor Addon Elements plugin versions 1.11.14. Solution Update the WordPress Elementor Addon Elements plugin to the latest available version at least 1.11.14...
WordPress Woo Admin Product Notes plugin <= 1.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Woo Admin Product Notes plugin versions = 1.0.0. Solution No patched version available...
WordPress Delivery for WooCommerce plugin <= 1.0.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Delivery for WooCommerce plugin versions = 1.0.4. Solution No patched version available...
WordPress Nitek Carousel Slider Cool Transitions plugin <= 1.1.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Nitek Carousel Slider Cool Transitions plugin versions = 1.1.0. Solution No patched version available...
WordPress FIT: Featured Image Toolkit plugin <= 1.0.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress FIT: Featured Image Toolkit plugin versions = 1.0.3. Solution No patched version available...
WordPress XT Variation Swatches for WooCommerce plugin <= 1.8.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress XT Variation Swatches for WooCommerce plugin versions = 1.8.0. Solution Update the WordPress XT Variation Swatches for WooCommerce plugin to the latest available version at least 1.8.1...
WordPress Simple Sponsorships plugin <= 1.8.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Simple Sponsorships plugin versions = 1.8.0. Solution Update the WordPress Simple Sponsorships plugin to the latest available version at least 1.8.1...
WordPress Hire Me Widget plugin <= 1.0.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Hire Me Widget plugin versions = 1.0.4. Solution Update the WordPress Hire Me Widget plugin to the latest available version at least 1.0.5...
Information Disclosure
microweber is vulnerable to information disclosure. The vulnerability exists due to a lack of sanitization in the Handler.php file allow to view sensitive information in debug mode...
Insertion of Sensitive Information Into Debugging Code
Description Laravel debug mode exposes sensitive data, eg: internal source codes, stack traces, sql queries, databases names, tables names, user's cookies, email, phone number, username, laravel version, php version, etc Proof of Concept 1. Login into http://demo.microweber.org 2. Navigate to thi...
CVE-2021-3551
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threa...
CVE-2021-3551
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threa...
DEBIAN-CVE-2021-3551
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threa...
CVE-2021-3551
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threa...
CVE-2021-3551
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threa...
CVE-2021-3551
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threa...
CVE-2021-3551
CVE-2021-3551 is described in connected documents as a vulnerability in the PKI-server where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This allows a local attacker to retrieve the log and obtain the admin password, enabling admin privile...
Ignition Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unauthenticated remote code execution in Ignition', 'Description' = %q Ignition before 2.5.2, as used in Laravel and other products, allows...