CVE-2024-39732 – IBM Datacap Navigator information disclosure
https://notcve.org/view.php?id=CVE-2024-39732
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. IBM X-Force ID: 295791. IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 almacena temporalmente datos de diferentes entornos que podría obtener un usuario malintencionado. ID de IBM X-Force: 295791. • https://exchange.xforce.ibmcloud.com/vulnerabilities/295791 https://www.ibm.com/support/pages/node/7160185 • CWE-316: Cleartext Storage of Sensitive Information in Memory •
CVE-2024-39734 – IBM Datacap Navigator information disclosure
https://notcve.org/view.php?id=CVE-2024-39734
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 296001. IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 no establece el atributo seguro en señales de autorización o cookies de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/296001 https://www.ibm.com/support/pages/node/7160185 •
CVE-2024-6477 – UsersWP < 1.2.12 - Users Information Disclosure
https://notcve.org/view.php?id=CVE-2024-6477
The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.11due to insufficient protections on the '/uploads/cache/' directory. This makes it possible for unauthenticated attackers to extract sensitive data from user exports. • https://wpscan.com/vulnerability/346c855a-4d42-4a87-aac9-e5bfc2242b16 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-38761 – WordPress Zephyr Project Manager plugin <= 3.3.99 - Sensitive Data Exposure via Export File vulnerability
https://notcve.org/view.php?id=CVE-2024-38761
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.99. The Zephyr Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.99 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files. • https://patchstack.com/database/vulnerability/zephyr-project-manager/wordpress-zephyr-project-manager-plugin-3-3-99-sensitive-data-exposure-via-export-file-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVE-2024-38760 – WordPress Send Users Email plugin <= 1.5.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-38760
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Maucher Send Users Email allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Send Users Email: from n/a through 1.5.1. The Send Users Email plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files. • https://patchstack.com/database/vulnerability/send-users-email/wordpress-send-users-email-plugin-1-5-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •