PT-2025-2690
Name of the Vulnerable Software and Affected Versions: glog (affected versions not specified) Description: The issue arises when logs are written to a widely-writable directory, allowing an unprivileged attacker to predict a privileged process's log file path and create a symbolic link to a sensitive...
CVE-2024-57548
CMSimple 5.16 allows the user to edit log.php file via print page...
CMSimple security vulnerability
CMSimple is a free content management system from the open-source CMSimple project. A security vulnerability exists in CMSimple version 5.16 that originates from allowing a user to edit the log.php file via the print page...
CVE-2024-57548
CMSimple 5.16 is affected by a vulnerability that allows editing the log.php file via the print page, due to incorrect directory path access restrictions. The issue supports remote exploitation through specially crafted GET requests, enabling an attacker to edit log.php and potentially access pro...
CVE-2023-38271
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files...
CVE-2024-45091 IBM UrbanCode Deploy information disclosure
IBM UrbanCode Deploy UCD 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs...
Insertion of Sensitive Information into Log File
Overview: typo3/cms-install is a TYPO3 extension install. The Install Tool is used for installation, upgrade, system administration and setup tasks. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to improper handling of sensitive informatio...
CVE-2024-12008
CVE-2024-12008 (W3 Total Cache for WordPress) is described in connected Red Hat documentation as a vulnerability to Information Exposure in all versions up to and including 2.8.1, exposed via the publicly accessible debug log file. The issue allows unauthenticated attackers to view potentially se...
CVE-2024-12008 W3 Total Cache <= 2.8.1 Information Exposure via Log Files
The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For exampl...
CVE-2024-40679
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions...
CVE-2024-40679 IBM Db2 information disclosure
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions...
CVE-2024-40679
CVE-2024-40679 affects IBM Db2 for Linux/UNIX/Windows (including Db2 Connect Server) version 11.5. It is an information-disclosure vulnerability where sensitive data may be written to a log file under certain conditions (CWE-532: Insertion of Sensitive Information into Log File). The IBM-connecte...
CVE-2024-52891
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralization...
PT-2025-1195 · Ibm · Ibm Concert
Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.0.3 Description: The issue is related to improper log neutralization, which could allow an authenticated user to inject malicious information or obtain information from log files. This is due to t...
PT-2025-3469 · Cmsimple · Cmsimple
Name of the Vulnerable Software and Affected Versions: CMSimple version 5.16 Description: The issue is related to incorrect restriction of a directory path with limited access. Exploitation may allow a remote attacker to gain unauthorized access to protected information by sending a specially...
Hanwha Vision NVR security vulnerability
Hanwha Vision NVR is a series of network video recorder devices from Hanwha Vision, a South Korean company. A security vulnerability exists in the Hanwha Vision NVR that originates from an attacker being able to create log files in a directory one level higher than the directory where the NVR log...