
18 matches found

Nuclei
added yesterday · 9 views

Squid Proxy - HTTP Authentication Credentials Disclosure

Squid versions prior to 7.2 fail to redact HTTP authentication credentials in error page responses. The Authorization header value is embedded in plain text inside the mailto: diagnostic block when Squid generates an error page, e.g. ERR_DNS_FAIL. id: CVE-2025-62168 info: name: Squid Proxy - HTTP...

CVSS 10 · AI score 7.3 · EPSS 0.16244
Exploits: 1 · References: 2

Snyk
added 2026/02/26 3:13 a.m. · 2 views

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the provider debug logging. An attacker can obtain sensitive information such as passwords, StackScript content, and object storage data by accessing provider debug logs when it is...

CVSS 7.7 · AI score 5.9 · EPSS 0.00014
Exploits: 0 · References: 2

OSV
added 2025/10/24 2:33 p.m. · 1 views

OESA-2025-2531 squid security update

Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests. Security Fixes: Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact...

CVSS 10 · AI score 6.8 · EPSS 0.16244
Exploits: 1 · References: 2

Vulnrichment
added 2025/10/17 4:21 p.m. · 1 views

CVE-2025-62168 Squid vulnerable to information disclosure via authentication credential leakage in error handling

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...

CVSS 10 · AI score 6.4 · EPSS 0.16244
Exploits: 1 · References: 2

Positive Technologies
added 2025/01/17 12:0 a.m. · 1 views

PT-2025-2134 · WordPress · Sandbox

Name of the Vulnerable Software and Affected Versions: Sandbox plugin for WordPress versions up to and including 0.4 Description: The issue is related to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages through the...

CVSS 6.1 · AI score 9.3 · EPSS 0.0148
Exploits: 0 · References: 6

Positive Technologies
added 2025/01/09 12:0 a.m. · 3 views

PT-2025-3192 · Unknown · Smart Toilet Lab - Motius

Name of the Vulnerable Software and Affected Versions: Smart Toilet Lab - Motius version 1.3.11 Description: The issue is related to the Smart Toilet Lab - Motius running with debug mode turned on, which exposes sensitive information defined in the Django settings file through a verbose error pag...

CVSS 7.5 · AI score 6.7 · EPSS 0.00277
Exploits: 0 · References: 7

Positive Technologies
added 2024/11/05 12:0 a.m. · 3 views

PT-2024-34884 · Authkit +1 · Authkit +1

Name of the Vulnerable Software and Affected Versions: AuthKit library for Remix versions prior to 0.4.1 Description: The issue concerns the logging of refresh tokens to the console when the debug flag is enabled. This flag is disabled by default. There are no known workarounds for this issue. Al...

CVSS 2.1 · AI score 7.1 · EPSS 0.00086
Exploits: 0 · References: 9

Positive Technologies
added 2023/11/30 12:0 a.m. · 5 views

PT-2023-27531

Name of the Vulnerable Software and Affected Versions: EWWW Image Optimizer versions through 7.2.0 Description: The issue is related to the exposure of sensitive information to an unauthorized actor. It only occurs when the debug.log is turned on. Recommendations: For versions through 7.2.0, turn of...

CVSS 7.5 · AI score 7.7 · EPSS 0.46927
Exploits: 1 · References: 6

Positive Technologies
added 2023/11/07 12:0 a.m. · 6 views

PT-2023-16268 · Mongodb · Mongodb Atlas Kubernetes Operator

Name of the Vulnerable Software and Affected Versions: MongoDB Atlas Kubernetes Operator versions 1.5.0 through 1.7.0 Description: The issue affects MongoDB Atlas Kubernetes Operator, causing it to print sensitive information like GCP service account keys and API integration secrets when DEBUG mo...

CVSS 7.5 · AI score 7.3 · EPSS 0.00294
Exploits: 0 · References: 3

Prion
added 2023/04/18 10:15 p.m. · 11 views

Design/Logic Flaw

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...

CVSS 2.4 · AI score 6 · EPSS 0.00071
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/04/04 12:0 a.m. · 3 views

PT-2023-8995 · Etcd-Io +7 · Etcd-Io +7

Name of the Vulnerable Software and Affected Versions: Etcd-io version 3.4.10 Description: The issue is related to an authentication vulnerability that can be exploited by sending an authentication request to the etcdserver with a username and password, potentially allowing a remote attacker to...

CVSS 10 · AI score 6.8 · EPSS 0.56804
Exploits: 3 · References: 111

Positive Technologies
added 2022/12/09 12:0 a.m. · 3 views

PT-2022-21729 · Brocade · Brocade Sannav

Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.2.1 Description: The issue allows an attacker with admin privilege to read sensitive information, including usernames and encoded passwords, which are logged in debug-enabled logs. Recommendations: For...

CVSS 5.5 · AI score 5 · EPSS 0.00335
Exploits: 0 · References: 3

Positive Technologies
added 2022/10/25 12:0 a.m. · 1 views

PT-2022-18687 · Joomla · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla! versions 4.0.0 through 4.2.3 Description: An issue was discovered in Joomla! where sites with publicly enabled debug mode exposed data of previous requests. Recommendations: For Joomla! versions 4.0.0 through 4.2.3, disable the public...

CVSS 5.3 · AI score 6.8 · EPSS 0.00006
Exploits: 0 · References: 7

Positive Technologies
added 2022/08/25 12:0 a.m. · 1 views

PT-2022-23438 · H3C · H3C Gr-1200W

Name of the Vulnerable Software and Affected Versions: H3C GR-1200W MiniGRW1A0V100R006 Description: A stack overflow issue was discovered in the H3C GR-1200W MiniGRW1A0V100R006 via the function debug wlan advance. Recommendations: For H3C GR-1200W MiniGRW1A0V100R006, consider disabling the debug...

CVSS 9.8 · AI score 9.6 · EPSS 0.00459
Exploits: 1 · References: 2

Positive Technologies
added 2018/07/20 12:0 a.m. · 1 views

PT-2018-6840 · Symfony +1 · Symfony +1

Name of the Vulnerable Software and Affected Versions: Symfony versions 2.7.x through 2.7.32; Symfony versions 2.8.x through 2.8.25; Symfony versions 3.x through 3.2.12; Symfony versions 3.3.x through 3.3.5. Description: The issue concerns a problem with the debug handler in Symfony, where there is a...

CVSS 6.1 · AI score 6.1 · EPSS 0.00504
Exploits: 1 · References: 12

CERT
added 2005/02/25 12:0 a.m. · 16 views

HP-UX FTP daemon is vulnerable to a buffer overflow

Overview: The HP-UX FTP daemon ftpd contains a buffer overflow that may allow an unauthenticated, remote attacker to execute arbitrary code. Description: The HP-UX FTP daemon ftpd is vulnerable to a buffer overflow when the FTP daemon is configured to log debugging information. Debug logging is...

AI score 8.6
Exploits: 0 · References: 3

CERT
added 2004/11/03 12:0 a.m. · 15 views

MailPost discloses sensitive system information when operating in debug mode

Overview: A vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions that may permit a remote attacker to gain sensitive information about the server configuration and environment. Description: According to the ProCheckUp report, MailPost contains a vulnerabilit...

AI score 7.1
Exploits: 0 · References: 1

CERT
added 2004/06/24 12:0 a.m. · 11 views

Sun Solaris patches may cause passwords to be logged in clear text

Overview: Sun Solaris contains a vulnerability in which systems configured as Kerberos clients that have specific patches installed may log passwords in clear text. Description: Sun Microsystems released patches 112908-12 and 115168-03 to address issues in Kerberos. There is a vulnerability in thes...

AI score 7
Exploits: 0 · References: 2