CVE-2022-43691
Concrete CMS (concrete5) is affected by CVE-2022-43691. The vulnerability causes disclosure of server-side secrets and environment/server information when Debug Mode is enabled in production. Affected versions are Concrete CMS
CVE-2022-27912
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests...
Design/Logic Flaw
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests...
CVE-2022-27912
CVE-2022-27912 affects Joomla! 4.0.0–4.2.3; publicly enabled debug mode leaks data from previous requests (BIT-JOOMLA notes it may include full request payloads, including passwords). Mitigation: disable public debug mode and upgrade to Joomla! 4.2.4 or later.
CVE-2022-27912 [20221001] - Core - Debug Mode leaks full request payloads including passwords
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests...
Joomla 4.0.x < 4.2.4 Multiple Vulnerabilities (5870-joomla-4-2-4-security-release)
According to its self-reported version, the instance of Joomla! running on the remote web server is 4.0.x prior to 4.2.4. It is, therefore, affected by multiple vulnerabilities. - Joomla 4 sites with publicly enabled debug mode exposed data of previous requests. CVE-2022-27912 - Inadequate...
PT-2022-18687 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 4.0.0 through 4.2.3 Description: An issue was discovered in Joomla! where sites with publicly enabled debug mode exposed data of previous requests. Recommendations: For Joomla! versions 4.0.0 through 4.2.3, disable the public...
[20221001] - Core - Disclosure of critical information in debug mode
Joomla 4 sites with publicly enabled debug mode exposed data of previous requests...
Anti-vaxxer dating site exposes user data
An anti-vax dating site has been revealed as shockingly easy to compromise by security researchers. Many major aspects of the site, from membership subscriptions to support tickets, were found to be vulnerable. The site, called Unjected, has been around since last year. It functions as a sort of...
GHSA-265R-PP83-GWW7 Cross-site Scripting in Apache Struts
When the Struts2 debug mode is turned on, under certain conditions an arbitrary script may be executed in the 'Problem Report' screen. Also if JSP files are exposed to be accessed directly it's possible to execute an arbitrary script. It is generally not advisable to have debug mode switched on...
Cross-site Scripting in Apache Struts
When the Struts2 debug mode is turned on, under certain conditions an arbitrary script may be executed in the 'Problem Report' screen. Also if JSP files are exposed to be accessed directly it's possible to execute an arbitrary script. It is generally not advisable to have debug mode switched on...
GHSA-J249-GHV5-7MXV Secret insertion into debug log in Docker
In Docker CE and EE before 18.09.8 as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10, Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes non external secrets. I...
OpenStack Keystone Sensitive information disclosure via log files
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file...
GHSA-RXRM-XVP4-JQVH OpenStack Keystone Sensitive information disclosure via log files
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file...
Yii Framework Reflected XSS
Reflected cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen...
GHSA-4XH9-5VH8-3P58 Yii Framework Reflected XSS
Reflected cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen...
Yii Cross-site Scripting Framework vulnerability
An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled...
GHSA-4C64-W8FG-XCQ2 Yii Cross-site Scripting Framework vulnerability
An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled...
GHSA-3F2C-JM6V-CR35 Django DNS Rebinding Vulnerability
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allows remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS...