CVE-2014-8735
The Drupal Bad Behavior module (versions 6.x-2.x prior to 6.x-2.2216 and 7.x-2.x prior to 7.x-2.2216) allows information disclosure by logging usernames and passwords. This occurs because remote authenticated users with the "administer bad behavior" permission can read the module’s logs to obtain...