- SEC Consult Vulnerability Lab reported an XPath injection vulnerability in IBM Web Content Manager (versions 6.x, 7.x, 8.x). The vulnerability can be exploited without authentication and therefore poses a high security risk: it allows extraction of configuration data from the server. An unauthenticated user is able to perform blind XPath injection attacks, e.g. to get the current application configuration, enumerate nodes and extract other valuable information from vulnerable installations of Web Content Manager.
- Apply the Interim Fix PI07777 (consult web references).
- WordPress Plugin Download Zip Attachments Arbitrary File Download (1.0.0)
- WordPress Plugin Child Theme Configurator Arbitrary File Disclosure (1.7.4)
- Apache 2.0.43 Win32 file reading vulnerability
- Possible server path disclosure (Windows)
- WordPress Plugin WP e-Commerce Shop Styling Arbitrary File Download (2.5)