Lucene search

52 matches found

CVE
added 2024/03/18 9:7 p.m. | 86 views

CVE-2024-23333

LAM (LDAP Account Manager) contains a vulnerability where log configuration allows arbitrary log-file paths. In versions before 8.7, an attacker could cause PHP code to be written to a log file and later executed when accessed via web. Mitigation requires knowledge of LAM’s master configuration p...

CVSS 7.9 | AI score 6.8 | EPSS 0.17868
Exploits: 0 | References: 2 | Affected Software: 1

Debian CVE
added 2024/03/18 9:7 p.m. | 21 views

CVE-2024-23333

LDAP Account Manager (LAM) is a web frontend for managing entries stored in an LDAP directory. LAM's log configuration allows specifying arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and causing LAM to log some PHP code to this file. When th...

CVSS 7.9 | AI score 7.7 | EPSS 0.17868
Exploits: 0

Cvelist
added 2024/03/18 9:7 p.m. | 38 views

CVE-2024-23333 LAM vulnerable to Authenticated Remote Code Execution

LDAP Account Manager (LAM) is a web frontend for managing entries stored in an LDAP directory. LAM's log configuration allows specifying arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and causing LAM to log some PHP code to this file. When th...

CVSS 7.9 | AI score 7.9 | EPSS 0.17868
Exploits: 0 | References: 2

OSV
added 2024/02/23 11:7 a.m. | 1 views

OESA-2024-1190 ansible security update

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS 5.5 | AI score 6.7 | EPSS 0.00301
Exploits: 0 | References: 2

RedHat Linux
added 2024/02/07 8:46 p.m. | 2 views

ansible-core: possible information leak in tasks that ignore ANSIBLE_NO_LOG configuration

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as...

CVSS 5.5 | AI score 6.8 | EPSS 0.00301
Exploits: 0 | References: 5

OSV
added 2024/02/06 12:15 p.m. | 3 views

PYSEC-2024-36

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive...

CVSS 5.5 | AI score 6.9 | EPSS 0.00301
Exploits: 0 | References: 6

PyPA
added 2024/02/06 12:15 p.m. | 7 views

PYSEC-2024-36

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive...

CVSS 5.5 | AI score 8.4 | EPSS 0.00301
Exploits: 0 | References: 6 | Affected Software: 1

Vulnrichment
added 2024/01/03 4:23 p.m. | 3 views

CVE-2023-46741 CubeFS leaks magic secret key when starting Blobstore access service

CubeFS is an open-source cloud-native file storage system. A vulnerability was found in CubeFS prior to version 3.3.1 that could allow users to read sensitive data from the logs, which could allow them to escalate privileges. CubeFS leaks configuration keys in plaintext format in the logs. These keys...

CVSS 4.8 | AI score 9.4 | EPSS 0.00301
Exploits: 0 | References: 2

ATTACKERKB
added 2023/07/31 3:15 p.m. | 5 views

CVE-2023-38310

An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log files. This results in...

CVSS 5.4 | AI score 6.2 | EPSS 0.00489
Exploits: 1 | References: 3

Citrix
added 2023/03/02 12:0 a.m. | 8 views

Web log client "login unsuccessful" using nsroot

C:\NSWL\binnswl -start -f c:\nswl\etc\log.conf Debug log file is ./nswl.log-130620221156 & Log level is 1 NetScaler weblogging configuration file c:\nswl\etc\log.conf is correct Login unsuccessful nspe=redacted IP:user=nsroot!!!...

AI score 7.1
Exploits: 0

SUSE CVE
added 2023/02/15 5:16 a.m. | 3 views

SUSE CVE-2015-5194

The logconfigcommand function in ntpparser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands...

CVSS 7.5 | AI score 7.9 | EPSS 0.05536
Exploits: 0 | References: 10

OSV
added 2022/11/23 1:15 a.m. | 3 views

CVE-2020-23593

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OPV3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to enable syslog mode through ' /mgmlogcfg.asp.' The system starts to log events, 'Remote' mode or 'Both...

CVSS 6.5 | AI score 5.3 | EPSS 0.00435
Exploits: 0 | References: 1

CNNVD
added 2022/11/23 12:0 a.m. | 4 views

Optilink Network OP-XT71000N Cross-Site Request Forgery Vulnerability

The Optilink Network OP-XT71000N is a wireless router from Optilink Network India. A cross-site request forgery vulnerability exists in the Optilink Network OP-XT71000N version V2.2, which stems from the fact that it allows an unauthenticated, remote attacker to enable syslog mode via...

CVSS 6.5 | AI score 6.4 | EPSS 0.00435
Exploits: 0 | References: 2

OSV
added 2021/04/06 5:15 a.m. | 3 views

CVE-2021-28180

The specific function in ASUS BMC’s firmware Web management page Audit log configuration setting does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the W...

CVSS 4.9 | AI score 5.9 | EPSS 0.0181
Exploits: 0 | References: 3

Cvelist
added 2021/04/06 5:2 a.m. | 18 views

CVE-2021-28180 ASUS BMC's firmware: buffer overflow - Audit log configuration setting

The specific function in ASUS BMC’s firmware Web management page Audit log configuration setting does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the W...

CVSS 4.9 | AI score 5.5 | EPSS 0.0181
Exploits: 0 | References: 3

OSV
added 2017/10/06 5:29 p.m. | 2 views

CVE-2017-9273

The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes...

CVSS 5.3 | AI score 5.8 | EPSS 0.00753
Exploits: 0 | References: 1

NVD
added 2017/10/06 5:29 p.m. | 17 views

CVE-2017-9273

The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes...

CVSS 5.3 | AI score 5.2 | EPSS 0.00753
Exploits: 0 | References: 1

Prion
added 2017/10/06 5:29 p.m. | 15 views

Design/Logic Flaw

The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes...

CVSS 5 | AI score 7 | EPSS 0.00753
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2017/10/06 5:0 p.m. | 21 views

CVE-2017-9273

The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes...

AI score 5.2 | EPSS 0.00753
Exploits: 0 | References: 1

CNVD
added 2017/02/21 12:0 a.m. | 1 views

InterSect Alliance SNARE Epilog for UNIX Cross-Site Scripting Vulnerability

InterSect Alliance is providing commercial support for Snare Enterprise Agent and Snare Server. A cross-site scripting vulnerability exists in InterSect Alliance SNARE Epilog for UNIX version 1.5. This allows remote authenticated users to inject arbitrary web script or HTML via the strlogname...

CVSS 5.4 | AI score 5.9 | EPSS 0.00599
Exploits: 1 | References: 1