CVE-2023-49103 – ownCloud graphapi Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-49103
Docker may export sensitive environment variables including ownCloud, DB, redis, SMTP, and S3 credentials, as well as other host information. ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo() via GetPhpInfo.php, including administrative credentials. • https://github.com/creacitysec/CVE-2023-49103 https://github.com/merlin-ke/OwnCloud-CVE-2023-49103 https://github.com/MixColumns/CVE-2023-49103 https://github.com/d0rb/CVE-2023-49103 https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments https://owncloud.org/security • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-2449 – UserPro <= 5.1.1 - Insecure Password Reset Mechanism
https://notcve.org/view.php?id=CVE-2023-2449
WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. • http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 https://www.wordfence.com/threat-intel/vulnerabilities/id/de9be7bc-4f8a-4393-8ebb-1b1f141b7585?source=cve • CWE-620: Unverified Password Change •
CVE-2023-2437 – UserPro <= 5.1.1 - Authentication Bypass to Administrator
https://notcve.org/view.php?id=CVE-2023-2437
WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. • https://github.com/RxRCoder/CVE-2023-2437 http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 https://www.wordfence.com/threat-intel/vulnerabilities/id/b3cf9f38-c20e-40dc-a7a1-65b0c6ba7925?source=cve • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2023-6009 – UserPro <= 5.1.4 - Authenticated (Subscriber+) Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-6009
WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. • http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 https://www.wordfence.com/threat-intel/vulnerabilities/id/e8bed9c0-dae3-405e-a946-5f28a3c30851?source=cve • CWE-266: Incorrect Privilege Assignment •
CVE-2023-6065 – Quttera Web Malware Scanner < 3.4.2.1 - Directory Listing to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-6065
The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code. The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1.48 via easy-to-guess scan log file names. This makes it possible for unauthenticated attackers to extract sensitive data. • https://drive.google.com/file/d/1w83xWsVLS_gCpQy4LDwbjNK9JaB87EEf/view?usp=sharing https://wpscan.com/vulnerability/64f2557f-c5e4-4779-9e28-911dfaf2dda5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •