WordPress plugin Error Log Viewer SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

PT-2025-16098 · Unknown · Error Log Viewer

Name of the Vulnerable Software and Affected Versions: Error Log Viewer versions 1.0.5 and earlier Description: The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, due to the improper neutralization of special elements used in an SQL command. This allows fo...

CVE-2025-22014 soc: qcom: pdr: Fix the potential deadlock

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: Fix the potential deadlock When some client process A call pdraddlookup to add the look up for the service and does schedule locator work, later a process B got a new server packet indicating locator is up and cal...

uberAgent data from Windows 11 does not appear in Splunk

Checking the uberAgent UXM app in Splunk for a Windows 11 machine, or querying index=uberAgent for a specific machine, will return no results. The uberAgent.log from the Windows 11 machine will contain the following error. Error: 'wmic' is not recognized as an internal or external command,operabl...

Linux Distros Unpatched Vulnerability : CVE-2018-14624

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when...

CVE-2025-1075

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p27, 2.2.0p40, and 2.1.0p51 EOL causes LDAP credentials to be written to Apache error log file accessible to administrators...

CVE-2025-1075

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p27, 2.2.0p40, and 2.1.0p51 EOL causes LDAP credentials to be written to Apache error log file accessible to administrators...

CVE-2025-1075 LDAP credentials logged to Apache error log

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p27, 2.2.0p40, and 2.1.0p51 EOL causes LDAP credentials to be written to Apache error log file accessible to administrators...

CVE-2025-1075 LDAP credentials logged to Apache error log

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p27, 2.2.0p40, and 2.1.0p51 EOL causes LDAP credentials to be written to Apache error log file accessible to administrators...

DEBIAN-CVE-2024-45598

Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the Poller Standard Error Log Path parameter in either Installation Step 5 or in Configuration-Settings-Paths tab to a local file inside the server. Then simply going to Logs tab and...

CVE-2024-45598

CVE-2024-45598 affects Cacti prior to version 1.2.29. An administrator can set Poller Standard Error Log Path to a local server file, and from the Logs UI reveal the file’s contents. Affected component: Cacti Poller/Settings path handling. Impact: potential exposure of local file contents via the...

CVE-2024-45598 Cacti has a Local File Inclusion (LFI) Vulnerability via Poller Standard Error Log Path

Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the Poller Standard Error Log Path parameter in either Installation Step 5 or in Configuration-Settings-Paths tab to a local file inside the server. Then simply going to Logs tab and...

CVE-2024-12849

The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wpajaxnoprivelvwplogdownload AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, whi...

CVE-2024-12849

The Error Log Viewer By WP Guru WordPress plugin (up to version 1.0.1.3) is affected by an Arbitrary File Read through the wp_ajax_nopriv_elvwp_log_download action. Unauthenticated attackers can read arbitrary server files, exposing sensitive data. Remediation: upgrade the plugin to a version new...

CVE-2024-12849 Error Log Viewer By WP Guru <= 1.0.1.3 - Missing Authorization to Unauthenticated Arbitrary File Read

The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wpajaxnoprivelvwplogdownload AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, whi...

PT-2025-1964 · Wp Guru · Error Log Viewer By Wp Guru

Name of the Vulnerable Software and Affected Versions: Error Log Viewer By WP Guru plugin for WordPress versions up to, and including, 1.0.1.3 Description: The issue allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information, vi...

WordPress plugin Error Log Viewer By WP Guru 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A path traversal vulnerability exists in...

WordPress Error Log Viewer plugin <= 1.0.1.3 - Missing Authorization to Unauthenticated Arbitrary File Read vulnerability

Missing Authorization to Unauthenticated Arbitrary File Read vulnerability discovered by yudha in WordPress Plugin Error Log Viewer versions = 1.0.1.3...

CVE-2024-38516

CVE-2024-38516 affects the ai-client-html component of the Aimeos e-commerce stack. The root cause, as described across sources, is a vulnerability where debug information can leak sensitive data from environment variables via error logs. The issue is categorized as information disclosure with hi...

CVE-2024-38516 Aimeos HTML client may potentially reveal sensitive information in error log

ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and 2021.10.22...