442 matches found
PT-2022-9010 · Tribal Systems · Zenario Cms
Name of the Vulnerable Software and Affected Versions: Tribal Systems Zenario CMS versions prior to 8.5.51340 Description: A vulnerability has been found in the Error Log Module of the Tribal Systems Zenario CMS, specifically in the file admin organizer.js. This issue leads to cross-site scriptin...
WordPress Media Library Assistant plugin <= 3.00 - Unauthenticated Error Log Disclosure vulnerability
Unauthenticated Error Log Disclosure vulnerability discovered by Brandon Roldan (Patchstack Alliance) in WordPress Media Library Assistant plugin versions <= 3.00. Solution: Update the WordPress Media Library Assistant plugin to the latest available version (at least 3.01)...
Media Library Assistant < 3.01 - Unauthenticated Error Log Access
The plugin does not have authorisation in place, which could allow unauthenticated attackers to access its error log if they can guess or brute force the filename...
Cross-site scripting - Reflected XSS caused by error logs in neorazorx/facturascripts
Description There are two fields that can insert the XSS payload by the error log. 1. http://127.0.0.1/facturascripts/EditBalance, the codbalance field 2. http://127.0.0.1/facturascripts/EditSettings, the tipoidfiscal field in Fiscal Id Both fields require 1 and 25 numbers or letters, no spaces,...
Home Assistant information disclosure vulnerability
Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py...
GHSA-MH78-8F49-VJG3 Home Assistant information disclosure vulnerability
Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py...
GHSA-C9R9-3H38-R7VJ Authenticated RCE in Zen Cart 1.5.5e
The traverseStrictSanitize function in admindir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the adminname array parameter to...
Anchor CMS Logs Credentials
An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error such as "Too many connections" has occurred...
Siemens SICAM T cross-site scripting vulnerability
The SICAM P850 Multifunctional Measurement Device is used to collect, visualize, evaluate and transmit electrical measurement variables such as AC current, AC voltage, frequency, power, harmonics, etc. The SICAM P855 Multifunctional Device is used to collect, display and transmit measured...
CVE-2021-24966
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder...
Path traversal
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder...
CVE-2021-24966
The CVE-2021-24966 entry maps to the WordPress plugin Error Log Viewer (
CVE-2021-24966 Error Log Viewer Plugin <= 1.1.1 - Admin+ Arbitrary File Clearing
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder...
WordPress Error Log Monitor plugin < 1.7.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Error Log Monitor plugin versions < 1.7.1. Solution: Update the WordPress Error Log Monitor plugin to the latest available version (at least 1.7.1)...
WordPress Error Log Monitor plugin < 1.7.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Error Log Monitor plugin versions < 1.7.1. Solution: Update the WordPress Error Log Monitor plugin to the latest available version (at least 1.7.1)...
GSD-2022-1000285 Unsafe default configuration values in Nginx version all version
INFORMATIONAL In Nginx, all versions, a number of unsafe default configuration values exist in the web server that can be attacked via the network resulting in disclosure of information and availability. These include but are not limited to: 1. Not enough file descriptors per worker 2. The...
WordPress Error Log Viewer 1.1.1 Arbitrary File Deletion
Exploit Title: WordPress Plugin Error Log Viewer 1.1.1 - Arbitrary File Clearing Authenticated Date: 09-11-2021 Exploit Author: Ceylan Bozogullarindan Exploit Website: https://bozogullarindan.com Vendor Homepage: https://bestwebsoft.com/ Software Link:...
WordPress Error Log Viewer 1.1.1 Plugin - Arbitrary File Clearing (Authenticated) Vulnerability
Exploit Title: WordPress Plugin Error Log Viewer 1.1.1 - Arbitrary File Clearing Authenticated Exploit Author: Ceylan Bozogullarindan Exploit Website: https://bozogullarindan.com Vendor Homepage: https://bestwebsoft.com/ Software Link:...
WordPress plugin Error Log Viewer security vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. WordPress plugin Error Log Viewer has a...
WordPress Plugin Error Log Viewer 1.1.1 - Arbitrary File Clearing (Authenticated)
Exploit Title: WordPress Plugin Error Log Viewer 1.1.1 - Arbitrary File Clearing Authenticated Date: 09-11-2021 Exploit Author: Ceylan Bozogullarindan Exploit Website: https://bozogullarindan.com Vendor Homepage: https://bestwebsoft.com/ Software Link:...