CyberSecurityBoard
Sponsor Register Login

CVE-2024-1479

The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpsp_display function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft, trash, future, private and pending posts and pages.

This Cyber News was published on www.tenable.com. Publication date: Thu, 14 Mar 2024 00:41:03 +0000


Cyber News related to CVE-2024-1479

AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
6 months ago Feeds.dzone.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
1 year ago Cisa.gov
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
1 year ago Cisa.gov
CVE-2024-1479 - The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpsp_display function. This makes it possible for authenticated attackers with contributor access and above to ...
1 year ago Tenable.com
CVE-2024-20068 - In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no needed for exploitation. Patch ID: MOLY01270721; Issue ID: ...
10 months ago
CVE-2004-1479 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0928. Reason: This candidate is a duplicate of CVE-2004-0928. Notes: All CVE users should reference CVE-2004-0928 instead of this candidate. All references and descriptions in ...
55 years ago Tenable.com
CVE-2011-1479 - Double free vulnerability in the inotify subsystem in the Linux kernel before 2.6.39 allows local users to cause a denial of service (system crash) via vectors involving failed attempts to create files. NOTE: this vulnerability exists because of an ...
2 years ago
CVE-2010-1479 - SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php. ...
14 years ago
CVE-2015-1479 - SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter. ...
10 years ago
CVE-2001-1479 - smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows local users to delete arbitrary files via a symlink attack on /tmp/smc$SMC_PORT. ...
7 years ago
CVE-2005-1479 - SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. ...
7 years ago
CVE-2002-1479 - Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges. ...
7 years ago
CVE-2006-1479 - Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey gtd-php (aka Getting Things Done) 0.5 allow remote attackers to inject arbitrary web script or HTML via the Description field in (1) newProject.php, (2) newList.php, and (3) ...
7 years ago
CVE-2003-1479 - Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and 1.02.535 allows remote attackers to inject arbitrary web script or HTML via the message field. ...
7 years ago
CVE-2008-1479 - Cross-site scripting (XSS) vulnerability in index.php in cyberfrogs.net cfnetgs 0.24 allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: the provenance of this information is unknown; the details are ...
7 years ago
CVE-2016-1479 - Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038. ...
7 years ago
CVE-2007-1479 - Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. ...
7 years ago
CVE-1999-1479 - The textcounter.pl by Matt Wright allows remote attackers to execute arbitrary commands via shell metacharacters. ...
7 years ago
CVE-2012-1479 - Unspecified vulnerability in the AContact (com.movester.quickcontact) application 1.8.2 for Android has unknown impact and attack vectors. ...
7 years ago
CVE-2018-1479 - IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 140761. ...
6 years ago
CVE-2009-1479 - Directory traversal vulnerability in client/desktop/default.htm in Boxalino before 09.05.25-0421 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. ...
6 years ago
CVE-2018-16715 - An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement ...
5 years ago
CVE-2014-1479 - The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass ...
4 years ago
CVE-2020-1479 - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. ...
3 years ago
CVE-2013-1479 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via ...
2 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)