IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 does not properly implement a logging-obfuscation feature for secure properties, which allows remote authenticated users to obtain sensitive information via vectors involving special characters.
lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1.
Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export
Moodle before 2.2.2: Overview report allows users to see hidden courses
Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results
The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with the "access basic_webmail" permission to read arbitrary users' email addresses.
In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their ...