1179 matches found

CVE
added 2022/11/14 12:0 a.m. | 76 views

CVE-2022-43691

Concrete CMS (concrete5) is affected by CVE-2022-43691. The vulnerability causes disclosure of server-side secrets and environment/server information when Debug Mode is enabled in production. Affected versions are Concrete CMS

CVSS 5.3 | AI score 5.1 | EPSS 0.00437
Exploits 0 | References 5 | Affected Software 1
Vulnrichment
added 2022/11/14 12:0 a.m. | 4 views

CVE-2022-43691

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information (secrets in environment variables and server information) when Debug Mode is left on in production...

AI score 6.4 | EPSS 0.00437
Exploits 0 | References 5
Cvelist
added 2022/11/14 12:0 a.m. | 27 views

CVE-2022-43691

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information (secrets in environment variables and server information) when Debug Mode is left on in production...

AI score 5.4 | EPSS 0.00437
Exploits 0 | References 5
OSV
added 2022/10/25 7:15 p.m. | 25 views

CVE-2022-27912

An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests...

CVSS 5.3 | AI score 6.8
Exploits 0 | References 1
Prion
added 2022/10/25 7:15 p.m. | 9 views

Design/Logic Flaw

An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests...

CVSS 5 | AI score 5.2 | EPSS 0.00502
Exploits 0 | References 1 | Affected Software 1
CVE
added 2022/10/25 7:0 p.m. | 84 views

CVE-2022-27912

CVE-2022-27912 affects Joomla! 4.0.0–4.2.3; publicly enabled debug mode leaks data from previous requests (BIT-JOOMLA notes it may include full request payloads, including passwords). Mitigation: disable public debug mode and upgrade to Joomla! 4.2.4 or later.

CVSS 5.3 | AI score 5.4 | EPSS 0.00502
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2022/10/25 7:0 p.m. | 22 views

CVE-2022-27912 [20221001] - Core - Debug Mode leaks full request payloads including passwords

An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests...

AI score 5.8 | EPSS 0.00502
Exploits 0 | References 1
ATTACKERKB
added 2022/10/25 6:0 p.m. | 4 views

CVE-2022-27912

An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests...

CVSS 5.3 | AI score 6.1 | EPSS 0.00502
Exploits 0 | References 2 | Affected Software 1
Positive Technologies
added 2022/10/25 12:0 a.m. | 4 views

PT-2022-18687 · Joomla · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla! versions 4.0.0 through 4.2.3
Description: An issue was discovered in Joomla! where sites with publicly enabled debug mode exposed data of previous requests.
Recommendations: For Joomla! versions 4.0.0 through 4.2.3, disable the public...

CVSS 5.3 | AI score 6.8 | EPSS 0.00502
Exploits 0 | References 7
Tenable Nessus
added 2022/10/25 12:0 a.m. | 63 views

Joomla 4.0.x < 4.2.4 Multiple Vulnerabilities (5870-joomla-4-2-4-security-release)

According to its self-reported version, the instance of Joomla! running on the remote web server is 4.0.x prior to 4.2.4. It is, therefore, affected by multiple vulnerabilities. - Joomla 4 sites with publicly enabled debug mode exposed data of previous requests. CVE-2022-27912 - Inadequate...

CVSS 6.1 | AI score 5.6 | EPSS 0.00502
Exploits 0 | References 5
Joomla! Vulnerable Extensions List
added 2022/10/13 12:0 a.m. | 28 views

[20221001] - Core - Disclosure of critical information in debug mode

Joomla 4 sites with publicly enabled debug mode exposed data of previous requests...

CVSS 5.3 | AI score 6 | EPSS 0.00502
Exploits 0 | Affected Software 1
Malwarebytes
added 2022/07/27 1:22 p.m. | 17 views

Anti-vaxxer dating site exposes user data

An anti-vax dating site has been revealed as shockingly easy to compromise by security researchers. Many major aspects of the site, from membership subscriptions to support tickets, were found to be vulnerable. The site, called Unjected, has been around since last year. It functions as a sort of...

AI score 7.2
Exploits 0
Github Security Blog
added 2022/05/24 5:9 p.m. | 27 views

Cross-site Scripting in Apache Struts

When the Struts2 debug mode is turned on, under certain conditions an arbitrary script may be executed in the 'Problem Report' screen. Also if JSP files are exposed to be accessed directly it's possible to execute an arbitrary script. It is generally not advisable to have debug mode switched on...

CVSS 6.1 | AI score 7 | EPSS 0.07203
Exploits 0 | References 8 | Affected Software 1
OSV
added 2022/05/24 5:9 p.m. | 16 views

GHSA-265R-PP83-GWW7 Cross-site Scripting in Apache Struts

When the Struts2 debug mode is turned on, under certain conditions an arbitrary script may be executed in the 'Problem Report' screen. Also if JSP files are exposed to be accessed directly it's possible to execute an arbitrary script. It is generally not advisable to have debug mode switched on...

CVSS 6.1 | AI score 6.3 | EPSS 0.07203
Exploits 0 | References 8
OSV
added 2022/05/24 4:50 p.m. | 29 views

GHSA-J249-GHV5-7MXV Secret insertion into debug log in Docker

In Docker CE and EE before 18.09.8 as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10, Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes non external secrets. I...

CVSS 7.5 | AI score 7.5 | EPSS 0.03653
Exploits 0 | References 2
OSV
added 2022/05/17 4:44 a.m. | 8 views

GHSA-RXRM-XVP4-JQVH OpenStack Keystone Sensitive information disclosure via log files

OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file...

CVSS 2.1 | AI score 5.9 | EPSS 0.00602
Exploits 0 | References 13
Github Security Blog
added 2022/05/17 4:44 a.m. | 25 views

OpenStack Keystone Sensitive information disclosure via log files

OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file...

CVSS 2.1 | AI score 6.7 | EPSS 0.00602
Exploits 0 | References 13 | Affected Software 1
Github Security Blog
added 2022/05/17 2:46 a.m. | 16 views

Yii Framework Reflected XSS

Reflected cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen...

CVSS 6.1 | AI score 6 | EPSS 0.01042
Exploits 0 | References 6 | Affected Software 1
OSV
added 2022/05/17 2:46 a.m. | 20 views

GHSA-4XH9-5VH8-3P58 Yii Framework Reflected XSS

Reflected cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen...

CVSS 6.1 | AI score 6 | EPSS 0.01042
Exploits 0 | References 6
OSV
added 2022/05/17 2:26 a.m. | 16 views

GHSA-4C64-W8FG-XCQ2 Yii Cross-site Scripting Framework vulnerability

An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled...

CVSS 6.1 | AI score 5.9 | EPSS 0.00832
Exploits 0 | References 4