Knowledge Base - Issues
Our knowledge-base provides a comprehensive collection of information on vulnerabilities related to cyber security.Credentials exposed in logs is a type of Information Leakage vulnerability. This vulnerability occurs when a mobile app, for either iOS or Android, transmits sensitive data such as login credentials in an insecure format, usually in plaintext, over an insecure network. This type of vulnerability is listed in the CWE...
Directory listing is an information leakage vulnerability that occurs when a web or API server allows directory contents to be read, usually through a web browser, without proper authentication. This allows attackers to access sensitive files, such as configuration and log files, which may contain valuable information or credentials. Directory...
Disclosure of source code is a vulnerability that occurs when an application or system fails to protect its source code from unauthorized access. The source code of an application is its most sensitive asset, as it contains confidential information and business logic. This vulnerability is identified by the Common Weakness...
Embedded Password in Source Code is a vulnerability classified as CWE-259 and involves the unintentional disclosure of a password, secret, or other sensitive information within the source code of a web or API application. This vulnerability is mainly due to accidental inclusion of credentials in source code, which can be...
Enumeration of objects is an information leakage vulnerability that occurs when an attacker attempts to gain access to sensitive information by listing the names of objects or files (CWE-200). This type of attack may be done by exploiting the way a web or API application lists and organizes objects or...
Exposure of sensitive data in git repository is a type of information leakage vulnerability (CWE-200). It happens when sensitive data is accidentally committed and pushed to a public git repository, where it can be accessed by anyone. The vulnerability affects both Infrastructure and Web and API. According to the OWASP...
Exposure of sensitive information to an unauthorized actor is a type of Information Leakage vulnerability that occurs in Web and API applications. It is described in the Common Weakness Enumeration (CWE) directory as CWE-200. According to the Open Web Application Security Project (OWASP) Testing Guide, this vulnerability is caused when...
External service interaction leaks IP addresses is a type of information leakage vulnerability (CWE-200) that occurs when a web or API infrastructure interacts with an external service, such as a third-party API. This type of vulnerability can lead to the exposure of sensitive data, such as IP addresses of users...
HTTP TRACE method is enabled vulnerability is a type of Information Leakage vulnerability, that can occur in Web and API applications. It occurs when a web server is configured to allow HTTP TRACE method requests. This method is used to debug and troubleshoot web based applications, and if enabled, attackers...
Internal Host Name Disclosure is a type of Information Leakage vulnerability (CWE-200) that can occur in both Web and API applications as well as Infrastructure. It is a vulnerability that occurs when a system or application reveals its internal host name to the public, thus potentially exposing internal system information....
Long redirection response is an information leakage vulnerability that occurs in web and API applications. This vulnerability is identified in the CWE directory as CWE-601: URL Redirection to Untrusted Site ('Open Redirect'). It is defined as a security issue where an attacker can use a vulnerable web application to redirect...
Password hash disclosure is an information leakage vulnerability, listed in CWE-209, which occurs when an application discloses the hashed form of a password, usually in plain text, making it easier for attackers to brute force guess the plain text password. Password hashes can be disclosed through web and API applications,...
Password returned in URL query string is an example of an Information Leakage vulnerability (CWE-200) which occurs when the application sends sensitive information in the URL query string, such as passwords and tokens. This vulnerability is most common in web and API applications, where the application sends plaintext passwords in...
phpinfo() page found is an information leakage vulnerability that occurs in web and API applications that use PHP. It arises when an application exposes too much information about the underlying environment, making it easier for attackers to find exploitable vulnerabilities. According to the Common Weakness Enumeration (CWE) directory, this type...
Private IP addresses disclosed, CWE-200, is a vulnerability that occurs when private IP addresses are disclosed to an untrusted source. Private IP addresses are the IP addresses that are used within a private network, as opposed to public IP addresses which are used within the public Internet. As per the...
Private key disclosure is a type of information leakage vulnerability (CWE-200) that occurs when a user unintentionally exposes a private key, such as a cryptographic key, to an attacker. Private keys are used to authenticate users and secure communication and data exchange. When a private key is disclosed, an attacker...
Publicly accessible staging/development environment is an IT vulnerability of the category Information Leakage. This vulnerability occurs when the staging or development environment is publicly accessible and can be reached by anyone. This means that confidential information can be accessed and may be used maliciously. This vulnerability is classified as CWE-532:...
Publicly available Swagger API documentation is a vulnerability that occurs when swagger API documentation is made available to the public on a web page, allowing anyone to browse and access the web page's data. This type of vulnerability is classified as an Information Leakage vulnerability according to the Common Weakness...
Sensible information in database leak discovered is an IT vulnerability that falls under the category of Information Leakage. This vulnerability occurs when an attacker is able to gain access to sensitive information stored in a database, often as a result of poor security protocols or a data breach. According to...
Sensible information leaked is a type of information leakage vulnerability. It refers to the unauthorized disclosure of sensitive or confidential data through the application of web or API services. It is classified as a CWE-200: Exposure of Sensitive Information to an Unauthorized Actor, and is part of the OWASP Top...
Sibling domain enumeration is a type of information leakage vulnerability which occurs when an application uses DNS subdomains to identify user accounts or services, and that information is exposed in a way that enables attackers to enumerate valid user accounts and services. According to the Common Weakness Enumeration (CWE) directory,...
SNMP Agent Default Community Name (public) is an Information Leakage vulnerability that occurs in Infrastructure. It is identified as CWE-259 and is classified as a weakness in the OWASP Testing Guide. The vulnerability is caused when a system has the default community name set to public which results in the...
Social security numbers disclosed is an information leakage vulnerability (CWE-200) that occurs when personal information, such as social security numbers, is stored insecurely and is accessible to those without the appropriate permissions. This type of vulnerability is most common in web and API applications, as well as databases, and can...
Source Map Code Leak is an Information Leakage vulnerability (CWE-200) where application source code or any other configuration or sensitive data is exposed in source maps. Source maps are used to map JavaScript to its original source code, which can be used to debug applications. Source map code leakage can...
Subdomain enumeration is a type of Information Leakage vulnerability (CWE-200) which occurs when a malicious actor is able to enumerate subdomains of a target domain, often without authorization. Subdomain enumeration is an infrastructure vulnerability which can be used to reveal information about the target's network infrastructure and attack surface. Information...
Use of Wifi API that contains or leaks sensitive PII is a vulnerability categorized in the Common Weakness Enumeration (CWE) directory as CWE-918: Server-Side Request Forgery (SSRF). This vulnerability exists within Android and Mobile App, where the application and its API are susceptible to leaking sensitive personally identifiable information (PII)....
Showing entries 1 to 27 of 27 entries.