86 matches found
EUVD-2010-1421
Malware in sbrugna...
EUVD-2022-38296
Malicious code in bioql PyPI...
CVE-2023-3604
The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered...
CVE-2022-35406
A URL disclosure issue was discovered in Burp Suite before 2022.6. If a user views a crafted response in the Repeater or Intruder, it may be incorrectly interpreted as a redirect...
CVE-2023-50954 IBM InfoSphere Information Server information disclosure
IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776...
Design/Logic Flaw
The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered...
CVE-2023-3604 Change WP Admin < 1.1.4 - Secret Login Page Disclosure
The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered...
CVE-2023-3604
CVE-2023-3604 affects the Change WP Admin Login WordPress plugin prior to version 1.1.4. The vulnerability arises from disclosing the URL of the hidden login page when a crafted URL is accessed, bypassing the plugin’s protection mechanism. Impact, as stated in multiple sources, is that an unauthe...
CVE-2023-3139 Protect WP Admin < 4.0 - Unauthenticated Protection Bypass
The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered...
CVE-2023-3139
Protect WP Admin WordPress plugin before 4.0 discloses the admin panel URL via a crafted URL redirection, bypassing protection. Root cause: redirection flaw enabling unauthenticated disclosure of the admin URL. Affected versions:
PT-2023-23296
Name of the Vulnerable Software and Affected Versions: Protect WP Admin WordPress plugin versions prior to 4.0. Description: The issue allows an attacker to disclose the URL of the admin panel via a redirection of a crafted URL, effectively bypassing the protection offered by the plugin...
Textpattern 4.8.8 Session Token Disclosure Vulnerability
Textpattern version 4.8.8 logs the session token in a GET request where it may end up getting disclosed in logs or via a referer. Title: textpattern-4.8.8 Session token in URL Vulnerability Author: nu11secur1ty Vendor: https://textpattern.com/ Software:...
XML External Entity (XXE) Injection
libplist.so is vulnerable to XML External Entity (XXE) Injection. The vulnerability exists in the plist_from_xml function in xplist.c because external references are not restricted, which allows an attacker to use a specially crafted XML file to issue a request to an arbitrary URL or disclose a...
Drupal 7.x < 7.95 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.95, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.5 or 10.0.x prior to 10.0.5. It is, therefore, affected by multiple vulnerabilities: - The Media module does not properly check entity...
PT-2022-22653 · Unknown · Rocket.Chat
Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 5; Rocket.Chat versions prior to 4.8.2; Rocket.Chat versions prior to 4.7.5. Description: A NoSQL-Injection information disclosure issue exists in the getS3FileUrl Meteor server method, which can disclose arbitrary...
WordPress Duplicator Plugin < 1.4.7 Information Disclosure Vulnerability
The WordPress plugin Duplicator is prone to an information disclosure vulnerability...
CVE-2022-2551
The Duplicator WordPress plugin before 1.4.7 discloses the URL of a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating...
Design/Logic Flaw
A URL disclosure issue was discovered in Burp Suite before 2022.6. If a user views a crafted response in the Repeater or Intruder, it may be incorrectly interpreted as a redirect...