69 matches found
HCL Leap 安全漏洞
HCL Leap is a low-code development platform from HCL India. A security vulnerability exists in HCL Leap, which stems from the lack of a no cache header, which could lead to user directory information being cached...
Take control of Cache-Control and local caching
TL;DR Caching speeds up website content delivery What caching directives are and how to use them The No-cache directive does not prevent caching The No-store directiveprevents caching Introduction The HTTP Cache-Control header is sometimes misunderstood. It's important because it is used to speci...
WordPress Content No Cache plugin <= 0.1.2 - Unauthenticated Private Content Disclosure vulnerability
Unauthenticated Private Content Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Content No Cache versions = 0.1.2...
PT-2024-17440 · WordPress · Content No Cache
Name of the Vulnerable Software and Affected Versions: Content No Cache: prevent specific content from being cached plugin for WordPress versions up to, and including, 0.1.2 Description: The issue allows unauthenticated attackers to extract data from password protected, private, or draft posts du...
WordPress plugin Content No Cache 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
SUSE CVE-2024-53848
check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. https://example.org/schema.json will be stored as schema.json. This naming allows for conflicts. If an attack...
CVE-2024-53848
The CVE-2024-53848 issue affects the check-jsonschema tool (and related advisories) where the default caching uses the remote schema basename (e.g., https://example.org/schema.json) as the cache filename. This can allow a malicious schema URL to overwrite or be substituted in the cache leading to...
CVE-2024-53848
check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. https://example.org/schema.json will be stored as schema.json. This naming allows for conflicts. If an attack...
PT-2024-35950
Name of the Vulnerable Software and Affected Versions: check-jsonschema versions prior to 0.30.0 Description: The default cache strategy in check-jsonschema uses the basename of a remote schema as the name of the file in the cache. This naming allows for conflicts, enabling an attacker to insert...
GHSA-FW5R-6M3X-RH7P Flask-AppBuilder's login form allows browser to cache sensitive fields
Impact Auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources. Patches Upgrade flask-appbuilder to version 4.5.1 Workarounds If upgrading is not possible configure your web server to send the...
PT-2024-31566
Name of the Vulnerable Software and Affected Versions Flask-AppBuilder versions prior to 4.5.1 Description The auth DB login form default cache directives in Flask-AppBuilder allow browsers to locally store sensitive data. This can be an issue in environments using shared computer resources...
GHSA-XW73-RW38-6VJC Classic builder cache poisoning
The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions most important being HEALTHCHECK and ONBUILD would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache...
PT-2024-1509
Name of the Vulnerable Software and Affected Versions Moby versions prior to 23.0 Moby versions 23.0 and later with DOCKER BUILDKIT=0 environment variable Moby versions 23.0 and later using the /build API endpoint Description The classic builder cache system in Moby is prone to cache poisoning if...
SUSE CVE-2009-0358
Mozilla Firefox 3.x before 3.0.6 does not properly implement the 1 no-store and 2 no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the a back button or b history list of the victim's browser, as demonstrated by reading the response page of an...
SUSE CVE-2013-4959
Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as 1 host name, 2 MAC address, and 3 SSH keys via the web browser cache...
SUSE CVE-2018-5131
Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...
WordPress 5.2.3 - Cross-Site Host Modification Exploit
Exploit for php platform in category web applications !/usr/bin/perl -w Wordpress Type: Remote Risk: High Solution: Set security headers to web server and no-cache for Cache-Control Simple Attack Scenarios: o This attack can bypass Simple WAF to access restricted content on the web server,...
WordPress 5.2.3 - Cross-Site Host Modification
WordPress 5.2.3 - Cross-Site Host Modification !/usr/bin/perl -w Wordpress Type: Remote Risk: High Solution: Set security headers to web server and no-cache for Cache-Control Simple Attack Scenarios: o This attack can bypass Simple WAF to access restricted content on the web server, something lik...
DEBIAN-CVE-2018-5131
Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...
CVE-2018-5131
Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...