The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with the "access basic_webmail" permission to read arbitrary users' email addresses.
lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1.
Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export
Moodle before 2.2.2: Overview report allows users to see hidden courses
Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results
In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their ...
Avolve Software ProjectDox 8.1 allows remote attackers to enumerate users via vectors related to email addresses.