22 matches found
LiteSpeed Cache <= 6.4.1 - Sensitive Information Exposure
The LiteSpeed Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.1 through the debug.log file that is publicly exposed. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the...
WordPress LiteSpeed Cache Cookie Theft
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress LiteSpeed Cache plugin cookie theft', 'Description' = %q This module exploits an unauthenticated account takeover vulnerability in...
WordPress LiteSpeed Cache Plugin < 6.5.0.1 Account Takeover Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:litespeedtech:litespeedcache"; if description...
CVE-2023-40600
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on. This issue affects EWWW Image Optimizer: from n/a through 7.2.0...
Code injection
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on. This issue affects EWWW Image Optimizer: from n/a through 7.2.0...
CVE-2023-40600
Affected software: WordPress EWWW Image Optimizer plugin ≤ 7.2.0. Vulnerability: Sensitive information exposure via the debug_log function, allowing unauthenticated access to sensitive debug data when debug logging is enabled. Root cause/vector: debug_log writes internal data to logs accessible t...
CVE-2023-45875
An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster...
Design/Logic Flaw
An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster...
CVE-2023-45875
An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster...
Mars: debug.log File Exposure that exposes (user/████) username and password at █████████
A debug log file exposure vulnerability was discovered that allowed sensitive information to be viewed. The debug log file contained a username and password, which could enable unauthorized access to the application if exploited. To address this, restricting access to the debug log file and...
CVE-2021-25644
An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators...
Authentication flaw
An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators...
CVE-2019-18958
Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed...
Design/Logic Flaw
Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed...
CVE-2019-18958
Nitro Pro before 13.2 is affected. The issue arises when a PDF is produced by OCR on the JPEG output of a scanner, causing Nitro Pro to write a debug.log in the same directory as the PDF. Reportedly, if this debug.log is later edited and then executed, it can pose a security risk. Connected docum...
CVE-2019-18958
Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed...
Nextcloud: Exposing debug.log file leads to server full path disclosure
At the following address I have found a debug.log file that discloses the application's full path on the server. https://nextcloud.com/wp-content/debug.log Impact: The server should not expose this log file as it could help an attacker to understand the environment that may lead to further attacks...
murray.wa.gov.au Improper Access Control vulnerability
Open Bug Bounty ID: OBB-677699. Affected Website: murray.wa.gov.au. Open Bug Bounty Program: View Open Bug Bounty Program. Vulnerable Application: Custom Code. Vulnerability Type: IAC Improper Access Control / CWE-284. CVSSv3 Score: 6.5...
Udemy: Multiple sub domain are vulnerable because of leaking full path
At the following address I have found a debug.log file that discloses the application's full path on the server. https://business.udemy.com/wp-content/debug.log http://about.udemy.com/wp-content/debug.log The below URLs show the version number of the application: http://about.udemy.com/readme.html...
Udemy: teach.udemy.com log poison vulnerability through WordPress debug.log being publicly available
Hello Udemy, your site teach.udemy.com has its debug.log publicly available, consisting of 1 GB of debug logs. The logs don't expose critical information except for some user IP addresses, mail addresses and other info, but it may lead to remote code execution, since the logs also store user agent...