Filtered by CWE-532
Filtered by vendor Subscriptions
Total 853 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-18423 1 Cpanel 1 Cpanel 2024-11-21 N/A
In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).
CVE-2017-18412 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).
CVE-2017-17675 1 Bmc 1 Remedy Mid-tier 2024-11-21 5.3 Medium
BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data.
CVE-2017-16946 1 Misp 1 Misp 2024-11-21 N/A
The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.
CVE-2017-15572 2 Debian, Redmine 2 Debian Linux, Redmine 2024-11-21 N/A
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.
CVE-2017-15366 1 Ndocsoftware 1 Ndoc 2024-11-21 N/A
Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client installation on laptops. This password can be used to gain full admin/system access to client devices (if no firewall is present) or the NDoc server itself. Once the password is known to an attacker, local access is not required.
CVE-2017-15113 2 Ovirt, Redhat 3 Ovirt, Rhev Manager, Virtualization 2024-11-21 N/A
ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.
CVE-2017-11134 1 Stashcat 1 Heinekingmedia 2024-11-21 N/A
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The login credentials are written into a log file on the device. Hence, an attacker with access to the logs can read them.
CVE-2017-1000401 1 Jenkins 1 Jenkins 2024-11-21 N/A
The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, <f:password/>, supports form validation (e.g. for API keys). The form validation AJAX requests were sent via GET, which could result in secrets being logged to a HTTP access log in non-default configurations of Jenkins, and made available to users with access to these log files. Form validation for <f:password/> is now always sent via POST, which is typically not logged.
CVE-2017-1000171 1 Mahara 1 Mahara Mobile 2024-11-21 N/A
Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.
CVE-2017-0380 1 Torproject 1 Tor 2024-11-21 N/A
The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit.
CVE-2017-0361 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-11-21 N/A
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.
CVE-2016-9985 1 Ibm 1 Cognos Business Intelligence 2024-11-21 N/A
IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.
CVE-2016-9882 1 Cloudfoundry 2 Capi-release, Cf-release 2024-11-21 7.5 High
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggregator via syslog.
CVE-2016-9344 1 Moxa 6 Miineport E1, Miineport E1 Firmware, Miineport E2 and 3 more 2024-11-21 N/A
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.
CVE-2016-8912 1 Ibm 1 Kenexa Lms On Cloud 2024-11-21 N/A
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user.
CVE-2016-8346 1 Moxa 3 Edr-810, Edr-810-vpn, Edr-810 Firmware 2024-11-21 N/A
An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION).
CVE-2016-8233 1 Lenovo 1 Xclarity Administrator 2024-11-21 N/A
Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.
CVE-2016-6799 1 Apache 1 Cordova 2024-11-21 N/A
Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications.
CVE-2016-6310 1 Redhat 1 Enterprise Virtualization 2024-11-21 N/A
oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0.