3096 matches found
CVE-2022-1412
The Log WPMail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords...
Information disclosure
The Log WPMail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords...
CVE-2022-1412
The CVE-2022-1412 affects the WordPress Log WP_Mail plugin (versions
CVE-2022-1412 Log WP_Mail <= 0.1 - Email Logs Publicly Accessible
The Log WPMail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords...
WordPress plugin Log WP_Mail information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
PT-2022-13868 · WordPress · Wp Mail Log
Name of the Vulnerable Software and Affected Versions: Log WP Mail WordPress plugin versions 0.1 and earlier Description: The issue allows any unauthenticated visitor to obtain potentially sensitive information, such as generated passwords, due to sent emails being saved in a publicly accessible...
DEBIAN-CVE-2022-32296
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 "Double-Hash Port Selection Algorithm" of RFC 6056...
GHSA-G24W-373R-5PXG Use of Insufficiently Random Values in Apereo CAS
Multiple classes used within Apereo CAS before release 6.1.0-RC5 make use of Apache commons-lang3 RandomStringUtils for token and ID generation, which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong...
Use of Insufficiently Random Values in Apereo CAS
Multiple classes used within Apereo CAS before release 6.1.0-RC5 make use of Apache commons-lang3 RandomStringUtils for token and ID generation, which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong...
Design/Logic Flaw
A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll of the component Password Handler. Incorrect implementation of a hashing function leads to...
CVE-2013-10004 Telecommunication Software SAMwin Contact Center Suite Password SAMwinLIBVB.dll passwordScramble improper authentication
A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll of the component Password Handler. Incorrect implementation of a hashing function leads to...
CVE-2019-13226
deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/block-dev-basename in the Helper::temporaryMountDevice function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary...
Improper Control of Generation of Code in HawtJNI
Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp...
RPLY Predictable Tmpfile Names Allows Cache Spoofing
The parser cache functionality in parsergenerator.py in RPLY aka python-rply before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-.json file with a predictable name...
GHSA-9GCF-PQ99-RJW3 RPLY Predictable Tmpfile Names Allows Cache Spoofing
The parser cache functionality in parsergenerator.py in RPLY aka python-rply before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-.json file with a predictable name...
Exploit for Use of a One-Way Hash with a Predictable Salt in Redux Gutenberg_Template_Library_&_Redux_Framework
cve-2021-38314 - Unauthenticated Sensitive Information Disclos...
Ansible uses a socket with predictable filename in /tmp
runner/connectionplugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/...
GHSA-PCQV-C46V-2P4V Ansible Arbitrary File Overwrite Vulnerability
lib/ansible/playbook/init.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/...