
492 matches found

Prion
added 2023/09/17 11:15 a.m. · 13 views

Information disclosure

A vulnerability, which was classified as problematic, has been found in China Unicom TEWA-800G 4.16L.04CT2015Yueme. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through debug log file. It is possible to launch the attack on the physical...

CVSS 1.2 · AI score 4.4 · EPSS 0.00037
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2023/09/17 11:0 a.m. · 16 views

CVE-2023-5028 China Unicom TEWA-800G debug log file

A vulnerability, which was classified as problematic, has been found in China Unicom TEWA-800G 4.16L.04CT2015Yueme. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through debug log file. It is possible to launch the attack on the physical...

CVSS 2 · AI score 4.7 · EPSS 0.00037
Exploits 1 · References 3

CVE
added 2023/09/17 11:0 a.m. · 37 views

CVE-2023-5028

CVE-2023-5028 affects China Unicom TEWA-800G, version 4.16L.04_CT2015_Yueme. The issue is an information exposure through a debug log file that can be triggered on the physical device. Sources consistently describe the vulnerability as affecting an unknown functionality and note a relatively high...

CVSS 4.6 · AI score 4 · EPSS 0.00037
Exploits 1 · References 3 · Affected Software 1

Vulnrichment
added 2023/09/17 11:0 a.m. · 1 views

CVE-2023-5028 China Unicom TEWA-800G debug log file

A vulnerability, which was classified as problematic, has been found in China Unicom TEWA-800G 4.16L.04CT2015Yueme. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through debug log file. It is possible to launch the attack on the physical...

CVSS 2 · AI score 4 · EPSS 0.00037
Exploits 1 · References 3

Positive Technologies
added 2023/09/17 12:0 a.m. · 2 views

PT-2023-31524 · China Unicom · Tewa-800G

Name of the Vulnerable Software and Affected Versions: China Unicom TEWA-800G version 4.16L.04 CT2015 Yueme Description: A problematic issue has been found, affecting some unknown functionality, which leads to information exposure through a debug log file. The attack can be launched on the physic...

CVSS 4.6 · AI score 6.6 · EPSS 0.00037
Exploits 1 · References 5

OSV
added 2023/04/27 9:30 p.m. · 3 views

GHSA-55VQ-XPJF-R2XC Lightbend Alpakka Kafka logs credentials on debug level

Lightbend Alpakka Kafka before 4.0.2 logs its configuration as debug information, and thus log files may contain credentials if plain cleartext login is configured. This occurs in akka.kafka.internal.KafkaConsumerActor...

CVSS 5.5 · AI score 5.8 · EPSS 0.0006
Exploits 0 · References 5

Positive Technologies
added 2023/03/29 12:0 a.m. · 4 views

PT-2023-22034 · Malwarebytes · Malwarebytes Adwcleaner

Name of the Vulnerable Software and Affected Versions: Malwarebytes AdwCleaner version 8.4.0 Description: The issue allows a non-admin user to escalate privileges to SYSTEM via a symbolic link. This is due to an insecure file delete operation performed by Malwarebytes AdwCleaner on a...

CVSS 7.8 · AI score 7.6 · EPSS 0.00911
Exploits 0 · References 7

F5 Networks
added 2023/02/21 6:50 p.m. · 24 views

K31757417: The BIG-IP APM system may log passwords in plaintext when the Debug log level is enabled

Security Advisory Description This issue occurs when all of the following conditions are met: You enable the Debug log level for the access policy. You configure the access policy on the BIG-IP APM system with either of the following: Citrix Login prompt with two-factor authentication Logon page...

AI score 6.8
Exploits 0

SUSE CVE
added 2023/02/15 4:1 a.m. · 2 views

SUSE CVE-2020-7237

Cacti 1.2.8 allows Remote Code Execution by privileged users via shell metacharacters in the Performance Boost Debug Log field of pollerautomation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance...

CVSS 8.8 · AI score 7.2 · EPSS 0.42974
Exploits 1 · References 7

NVD
added 2022/10/25 5:15 p.m. · 12 views

CVE-2022-33757

An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance...

CVSS 6.5 · EPSS 0.00246
Exploits 0 · References 1

CNNVD
added 2022/10/25 12:0 a.m. · 0 views

Tenable Network Security Nessus security vulnerability

Tenable Network Security Nessus is an open source system vulnerability scanner from Tenable Network Security, USA. A security vulnerability exists in Nessus. An attacker can exploit this vulnerability to read Nessus debug log file attachments from the web UI without proper privileges...

CVSS 6.5 · AI score 7.1 · EPSS 0.00246
Exploits 0 · References 2

Cvelist
added 2022/10/24 9:12 p.m. · 13 views

CVE-2022-33757

An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance...

AI score 7 · EPSS 0.00246
Exploits 0 · References 1

CVE
added 2022/10/24 9:12 p.m. · 73 views

CVE-2022-33757

The CVE-2022-33757 entry describes an information disclosure in Nessus where an authenticated attacker can read Nessus Debug Log file attachments via the web UI without proper privileges. Public-connected sources corroborate that this affects Nessus and its web interface, enabling disclosure of s...

CVSS 6.5 · AI score 6.7 · EPSS 0.00246
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2022/10/24 9:12 p.m. · 5 views

CVE-2022-33757

An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance...

AI score 6.8 · EPSS 0.00246
Exploits 0 · References 1

Positive Technologies
added 2022/09/16 12:0 a.m. · 2 views

PT-2022-33474 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.2 Description: The issue is related to the removal of a UUID from the s390 debug log in the vfio/ccw component. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linu...

AI score 7.1
Exploits 0 · References 1

RustSec
added 2022/07/22 12:0 p.m. · 18 views

Slack OAuth Secrets leak in debug logs

Debug log formatting made it possible to leak OAuth secrets into debug logs. The patched version has introduced more strict checks to avoid this...

CVSS 7.5 · AI score 2.9 · EPSS 0.00391
Exploits 0 · Affected Software 1

Metasploit
added 2022/05/05 5:43 p.m. · 137 views

ZoneMinder Language Settings Remote Code Execution

This module exploits arbitrary file write in debug log file option chained with a path traversal in language settings that leads to a remote code execution in ZoneMinder surveillance software versions before 1.36.13 and before 1.37.11 Module Options msf use exploit/unix/webapp/zoneminderlangexec...

CVSS 9.8 · AI score 9.7 · EPSS 0.78761
Exploits 6

OSV
added 2022/04/26 4:15 a.m. · 28 views

CVE-2022-29806

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...

CVSS 9.8 · AI score 7.7
Exploits 0 · References 5

ATTACKERKB
added 2022/04/26 4:15 a.m. · 1 views

CVE-2022-29806

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...

CVSS 9.8 · AI score 7.8 · EPSS 0.78761
Exploits 6 · References 7

NVD
added 2022/04/26 4:15 a.m. · 19 views

CVE-2022-29806

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...

CVSS 9.8 · EPSS 0.78761
Exploits 6 · References 5