32 matches found
Klog Server <=2.41 - Unauthenticated Command Injection
Klog Server 2.4.1 and prior is susceptible to an unauthenticated command injection vulnerability. The authenticate.php file uses the user HTTP POST parameter in a call to the shell_exec PHP function without appropriate input validation, allowing arbitrary command execution as the apache user. The...
KLog Server - Path Traversal
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Komtera Technologies KLog Server allows Manipulating Web Input to File System Calls. This issue affects KLog Server: before 3.1.1. id: CVE-2025-1035 info: name: KLog Server - Path Traversal author: s4e-io...
CVE-2025-1035
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Komtera Technologies KLog Server allows Manipulating Web Input to File System Calls. This issue affects KLog Server: before 3.1.1...
CVE-2021-3317
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec on the original value of the source parameter...
CVE-2020-35729
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter...
CVE-2025-1035
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Komtera Technologies KLog Server allows Manipulating Web Input to File System Calls. This issue affects KLog Server: before 3.1.1...
CVE-2025-1035 Path Traversal in Komtera Technologies' KLog Server
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Komtera Technologies KLog Server allows Manipulating Web Input to File System Calls. This issue affects KLog Server: before 3.1.1...
CVE-2025-1035
The CVE-2025-1035 entry concerns Komtera Technologies KLog Server with a Path Traversal vulnerability (versions prior to 3.1.1). The issue arises from improper limitation of a pathname to a restricted directory, allowing manipulation of web input to file system calls. Impact is described as potent...
CVE-2025-1035 Path Traversal in Komtera Technologies' KLog Server
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Komtera Technologies KLog Server allows Manipulating Web Input to File System Calls. This issue affects KLog Server: before 3.1.1...
Exploit for OS Command Injection in Klogserver Klog_Server
Information py Exploit Title: Klog Server 2.4.1 - Command...
Exploit for OS Command Injection in Klogserver Klog_Server
Information Exploit Title: Klog Server 2.4.1 - Command Inject...
Klog Server 2.4.1 Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and prior. The authenticate.php file uses the user HTTP POST parameter in a call to the shell_exec PHP function without appropriate input validation, allowing arbitrary command executio...
Klog Server 2.4.1 Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Klog Server authenticate.php user Unauthenticated Command Injection', 'Description' = %q This module exploits an unauthenticated command injectio...
Klog Server authenticate.php user Unauthenticated Command Injection
This module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and prior. The authenticate.php file uses the user HTTP POST parameter in a call to the shell_exec PHP function without appropriate input validation, allowing arbitrary command execution as the...
Klog Server 2.4.1 - Command Injection (Authenticated)
Exploit Title: Klog Server 2.4.1 - Command Injection Authenticated Date: 26.01.2021 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.klogserver.com/ Version: 2.4.1 Description: https://docs.unsafe-inline.com/0day/klog-server-authenticated-command-injection CVE: 2021-3317 """...
Klog Server 2.4.1 Command Injection
Exploit Title: Klog Server 2.4.1 - Command Injection Authenticated Date: 26.01.2021 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.klogserver.com/ Version: 2.4.1 Description: https://docs.unsafe-inline.com/0day/klog-server-authenticated-command-injection CVE: 2021-3317 """...
CVE-2021-3317
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec on the original value of the source parameter...
CVE-2021-3317
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec on the original value of the source parameter...
Command injection
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec on the original value of the source parameter...
CVE-2021-3317
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec on the original value of the source parameter...