CVE-2026-7635
The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. This is due to the plugin failing to validate or strip PHP serialization syntax from the User-Agent HTTP header before storing it in the logmeta...
CVE-2021-22310
There is an information leakage vulnerability in some Huawei products. Due to the improper storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions includ...
CVE-2022-31098
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfig, of...
Insertion of Sensitive Information into Log File
Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the audit log storage. An attacker can obtain sensitive information, such as secret values, cluster import URLs, and registration tokens, by accessing unredacted audit logs. Note: Thi...
EUVD-2019-4640
Malware in sbrugna...
CVE-2019-17396
In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat...
PT-2024-20766 · Treasure Data · Digdag
Name of the Vulnerable Software and Affected Versions: Digdag versions prior to 0.10.5.1. Description: The issue is a path traversal vulnerability in Treasure Data's digdag workload automation system when it is configured to store log files locally. This may lead to information disclosure...
PT-2022-28196 · Etcd · Etcd
Name of the Vulnerable Software and Affected Versions: etcd, affected versions not specified. Description: The issue concerns data exposure due to the storage of user credentials in WAL entries on each user authentication. If the WAL log files are not secure, it can potentially expose sensitive...
CVE-2022-31098 Weave GitOps leaked cluster credentials into logs on connection errors
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfig, of...
FusionCompute Information Disclosure Vulnerability
Huawei FusionCompute is a computer virtualization engine from Huawei China. The product provides Virtual Resource Manager VRM and Compute Node Agent CNA, among others. FusionCompute suffers from an information disclosure vulnerability that originates from improper storage of specific information ...
CVE-2020-6015
Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will prevent the storage of service log files in non-standard locations...
CVE-2019-17397
The CVE-2019-17397 entry affects the DoorDash Android app (up to version 11.5.2). The underlying issue is that during authentication, the username and password are written to logs (logcat), making them potentially accessible to attackers who can read the device logs. This describes credential lea...
CVE-2019-3830
A vulnerability was found in ceilometer where administrative credentials were permanently stored in the log. A user with access to the logs could obtain these credentials and escalate their privileges...
Default credentials
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...
OneLogin SecureNotes Breach Exposed Data in Cleartext
Single sign-on company OneLogin began notifying customers this week that an attacker was able to take advantage of a bug in its system and view sensitive notes posted by users, thought to be secure. The company, whose authentication technology secures cloud-based applications, confirmed the...
[SECURITY] Fedora 19 Update: bip-0.8.9-1.fc19
Bip is an IRC proxy, which means it keeps connected to your preferred IRC servers, can store the logs for you, and even send them back to your IRC clients upon connection. You may want to use bip to keep your logfiles in a unique format and on a unique computer whatever your client is, when you...
Mastery OA: stored XSS in work log content can obtain the cookie (vulnerability warning, the black bar safety net)
In Mastery OA 2013 and 2010, the Office Anywhere 2013 work log edit page has a stored XSS, and after a superior views the log the cookie can be stolen. 1, in the work log edit page source code, bypassing a character allows an XSS to be constructed!!! 1, the interception to giv...
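Stored XSS somewhere in the ThinkSNS blog feature!!!
Brief description: Stored XSS somewhere in the ThinkSNS blog feature!!! Details: http://i.thinksns.com/apps/blog/index.php?s=/Index/addBlog Add blog post, then add a category. The category field is not sanitized, which triggers the XSS vulnerability. Then publish the post. Proof of vulnerability: When another user views your blog post, the XSS code is triggered. Because the blog feature is interactive, if code for stealing cookies or an XSS worm were inserted, then...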