159 matches found
CVE-2025-12721 g-FFL Cockpit <= 1.7.1 - Missing Authorization to Unauthenticated Information Exposure
The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the /serverstatus REST API endpoint due to a lack of capability checks. This makes it possible for unauthenticated attackers to extract information about the serv...
CVE-2025-12721
The CVE-2025-12721 entry concerns the WordPress plugin g-FFL Cockpit (versions up to 1.7.1). Public docs indicate a Missing Authorization to Unauthenticated Information Exposure via the /server_status REST endpoint, allowing unauthenticated attackers to extract server information. Connected sourc...
PT-2025-49337
The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the /server status REST API endpoint due to a lack of capability checks. This makes it possible for unauthenticated attackers to extract information about the...
EUVD-2020-19494
Malware in sbrugna...
EUVD-2020-24004
Malware in sbrugna...
EUVD-2007-5779
Malware in sbrugna...
EUVD-2023-36794
Malicious code in bioql PyPI...
BIT-MONGODB-2024-3372 MongoDB Server may have unexpected application behaviour due to invalid BSON
Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior t...
Linux Distros Unpatched Vulnerability : CVE-2017-18635
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages...
NetScaler 14.1 - STA server marked down
STA server status is Down on Gateway vserver though it is reachable from the NetScaler...
CVE-2021-24662
The Game Server Status WordPress plugin through 1.0 does not validate or escape the serverid parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page...
CVE-2020-36527
A vulnerability, which was classified as problematic, has been found in Server Status. This issue affects some unknown processing of the component HTTP Status/SMTP Status. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the...
CVE-2011-3819
WoW Server Status 4.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by status.php and certain other files...
Checkmate 安全漏洞
Checkmate is an open source, self-hosted tool from BlueWave Open Source designed to track and monitor server hardware, uptime, response time and events in real-time with beautiful visualizations. A security vulnerability exists in Checkmate 2.0.2 and earlier versions, which stems from the fact th...
CVE-2024-56361 Stored Cross-Site Scripting (XSS) in lgsl v7.0
LGSL Live Game Server List provides online status for games. Before 7.0.0, a stored cross-site scripting XSS vulnerability was identified in lgsl. The function lgslquery40 in lgslprotocol.php has implemented an HTTP crawler. This function makes a request to the registered game server, and upon...
Using Veeam Backup Software on Provisioning Services Server
While running Veeam software to backup Provisioning Services PVS servers, one of the PVS servers display status as Down in PVS server console regardless of whether the stream service is running. The following screen shot shows the server status in PVS console. The following screen shot shows the...
GHSA-J59V-VGCR-HXVF GeoServer's Server Status shows sensitive environmental variables and Java properties
GeoServer's Server Status page and REST API at /geoserver/rest/about/status lists all environment variables and Java properties to any GeoServer user with administrative rights as part of those modules' status message. These variables/properties can also contain sensitive information, such as...
GeoServer's Server Status shows sensitive environmental variables and Java properties
GeoServer's Server Status page and REST API at /geoserver/rest/about/status lists all environment variables and Java properties to any GeoServer user with administrative rights as part of those modules' status message. These variables/properties can also contain sensitive information, such as...
CVE-2024-34696
GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative...
CVE-2024-34696 GeoServer's Server Status shows sensitive environmental variables and Java properties
GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative...