- Ruby on Rails applications store database configuration information in a file named config/database.yml. By default it contains three configurations: production, development, and test. The information stored in this file is highly sensitive and should not be found in a production system.
- Restrict access to this file or remove it from the system.
- Zend Framework local file disclosure via XXE injection
- WordPress Plugin PICA Photo Gallery 'imgname' Parameter Information Disclosure (1.0)
- WordPress Plugin Breadcrumb NavXT Information Disclosure (6.1.0)
- X-Forwarded-For HTTP header security bypass
- Microsoft IIS5 NTLM and Basic authentication bypass
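
A local check for the config/database.yml remediation above, as an added example that is not part of the original page: it reports when the file is still present with group or other access bits set, and goes one step further by flagging a password stored as a literal rather than rendered from ERB. The function names, sample credentials and temporary directory are constructed for illustration.

```ruby
require "tmpdir"
require "fileutils"

# Audit config/database.yml under app_root; returns an array of finding strings.
def audit_database_yml(app_root)
  path = File.join(app_root, "config", "database.yml")
  return [] unless File.exist?(path) # file removed: nothing to report

  findings = []
  mode = File.stat(path).mode & 0o777
  if (mode & 0o077) != 0
    findings << format("mode %04o grants group/other access", mode)
  end

  File.foreach(path).with_index(1) do |line, n|
    next unless line =~ /^\s*password:\s*(\S.*?)\s*$/
    # A value rendered from ERB (e.g. an environment variable) is not stored in the file.
    next if Regexp.last_match(1) =~ /\A["']?<%=/
    findings << "line #{n}: literal password stored in file"
  end
  findings
end

# Constructed sample: writes a database.yml with the three default sections.
def write_sample(app_root, password, mode)
  dir = File.join(app_root, "config")
  FileUtils.mkdir_p(dir)
  path = File.join(dir, "database.yml")
  File.write(path, <<~YAML)
    development:
      adapter: sqlite3
      database: db/development.sqlite3
    test:
      adapter: sqlite3
      database: db/test.sqlite3
    production:
      adapter: postgresql
      username: app
      password: #{password}
  YAML
  File.chmod(mode, path)
  path
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |root|
    write_sample(root, "example-only", 0o644) # constructed weak configuration
    puts audit_database_yml(root)
  end
end
```

An empty result means the file is either absent or readable only by its owner with no literal password in it.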