14 matches found
All-in-One WP Migration < 7.87 - Unauthenticated Information Disclosure
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to unauthenticated information disclosure due to its error.log file being publicly accessible in versions before 7.87. id: CVE-2024-8852 info: name: All-in-One WP Migration 7.87 - Unauthenticated Information Disclosure...
EUVD-2026-2729
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the httperrorlog file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through t...
Pimcore security vulnerabilities
Pimcore is an open-source web content management platform developed by the Austrian company Pimcore. This platform integrates applications such as web content management, e-commerce frameworks, and product information management. Versions of Pimcore prior to 12.3.1 and 11.5.14 contained security...
EUVD-2004-0921
Malware in sbrugna...
EUVD-2015-2077
Malware in sbrugna...
CVE-2022-29882
A vulnerability has been identified in SICAM T All versions V3.0. Affected devices do not handle uploaded files correctly. An unauthenticated attacker could take advantage of this situation to store an XSS attack, which could - when a legitimate user accesses the error logs - perform arbitrary...
SUSE CVE-2004-0923
CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords...
PYSEC-2018-46
Anymail django-anymail version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in the WEBHOOK_AUTHORIZATION setting value that can allow an attacker with access to error logs to fabricate email tracking events. This attack appears to be exploitable via If you have exposed your...
CVE-2017-1226
IBM Tivoli Endpoint Manager IBM BigFix Platform 9.2 and 9.5 generates an error message in error logs that includes sensitive information about its environment which could be used in further attacks against the system. IBM X-Force ID: 123905...
CVE-2017-1434
IBM DB2 for Linux, UNIX and Windows 11.1 includes DB2 Connect Server under unusual circumstances, could expose highly sensitive information in the error log to a local user...
CVE-2015-1972
IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to obtain sensitive error-log information via a crafted POST request...
CVE-2004-0923
CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords...
DEBIAN-CVE-2004-0923
CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords...
Mandrake Linux Security Advisory : cups (MDKSA-2004:116)
Chris Evans discovered numerous vulnerabilities in the xpdf package, which also affect software using embedded xpdf code: Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like cups which have embedded versions of xpdf. These can result in writing an arbitrary byte ...