EUVD-2025-201342

The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-accessible location wp-content/uploads/ssp-debug/ssp-debug.log without any access controls. This...

WordPress plugin Autoptimize 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

CVE-2019-17009

When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. Note: This attack requires local system access and only affects Windows. Other...

CVE-2018-6222

Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command execution on a vulnerable system...

Design/Logic Flaw

Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command execution on a vulnerable system...

CVE-2018-6222

Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command execution on a vulnerable system...

CVE-2018-6222

The CVE-2018-6222 family covers multiple vulnerabilities in Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) found in the web console. Documented issues include: arbitrary log file locations enabling log manipulation and potential command execution (CVE-2018-6222); insecure update mechani...