19 matches found
CVE-2026-23846
Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially...
CVE-2026-23846 Tugtainer vulnerable to Password Exposure via URL Query Parameter
Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially...
CVE-2026-23846
Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially...
Tugtainer security vulnerabilities
Tugtainer is an automated Docker container update application with a web interface, developed by Eugene Savin. Versions of Tugtainer prior to 1.16.1 contained security vulnerabilities. These vulnerabilities stemmed from the password authentication mechanism, which transmitted passwords via URL...
CVE-2026-22644
Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access...
PT-2026-3011
Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access...
PT-2025-44170
Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description IPFire versions prior to 2.29 Core Update 198 contain a command injection issue. An authenticated attacker can execute arbitrary commands as the 'nobody' user through multiple parameter...
CVE-2025-52351
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL e.g., https://domain.com/activate=xyz. This practice can result in password exposure via...
CVE-2024-40620
CVE-2024-40620 IMPACT A vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers, potentially impacting the...
DEBIAN-CVE-2017-8761
In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected...
UBUNTU-CVE-2017-8761
In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected...
Authentication flaw
Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Versions: 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET...
Barco wePresent WiPG-1600W Authentication Bypass Vulnerability
The Barco wePresent WiPG-1600W version 2.5.1.8 web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET requests. Thus the "SEID" would be exposed in web proxy logs and browser history...
How to Collect Logs for Veeam Plug-in for Oracle RMAN
Purpose This article documents how to collect the diagnostic information needed for a support case involving the Veeam Plug-in for Oracle RMAN. Solution 1. Collect diagnostic information as documented in the five sections below. 2. Combine the data into a single .zip file. 3. Attach the zip file ...
MuM MapEdit 3.2.6.0 - Multiple Vulnerabilities
Security Advisory -- Multiple Vulnerabilities - MuM Map Edit Product Vendor: Mensch und Maschine Software SE / Mensch und Maschine acadGraph GmbH Product: MapEdit Affected software version: 3.2.6.0 MuM MapEdit provides geodata to the internet and intranets and is deployed on several communal and...
MuM Map Edit 3.2.6.0 SQL Injection / File Manipulation / Poor Practices
Security Advisory -- Multiple Vulnerabilities - MuM Map Edit Product Vendor: Mensch und Maschine Software SE / Mensch und Maschine acadGraph GmbH Product: MapEdit Affected software version: 3.2.6.0 MuM MapEdit provides geodata to the internet and intranets and is deployed on several communal and...
Lulzsec Hacker tracked by Proxy logs, can face 15 years prison
Lulzsec Hacker tracked by Proxy logs, can face 15 years prison The FBI believes that the homeless man they arrested on Thursday was "Commander X", a member of the People's Liberation Front PLF associated with Anonymous hacktivism. The logs maintained by HideMyAss.com, in addition to other evidenc...
Lulzsec Hacker tracked by Proxy logs, can face 15 years prison
Lulzsec Hacker tracked by Proxy logs, can face 15 years prison The FBI believes that the homeless man they arrested on Thursday was "Commander X", a member of the People's Liberation Front PLF associated with Anonymous hacktivism. The logs maintained by HideMyAss.com, in addition to other evidenc...
DEBIAN-CVE-2008-1168
Cross-site scripting XSS vulnerability in Squid Analysis Report Generator Sarg 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown;...