4568 matches found
CVE-2024-11025 SMA: SQL injection in Sunny Central UP
An authenticated attacker with low privileges may use a SQL Injection vulnerability in the affected product's administration panel to gain read and write access to a specific log file of the device...
CVE-2024-11025
CVE-2024-11025 corresponds to a SQL injection in the administration panel of SMA Solar Sunny Central devices (SC 1760-US, SC 1850-US, SC 2000 EV-US, and related models). The issue allows an authenticated attacker with low privileges to read and write to a device log file via the injection path. R...
SMA Solar Multiple Products SQL Injection Vulnerability
SMA Solar Sunny Central SC 1760-US and others are solar inverters from SMA Solar, Germany. A SQL injection vulnerability exists in various SMA Solar products. An attacker could exploit the vulnerability to gain read and write access to device-specific log files. The following products are...
PT-2024-16714 · Sma · Sunny Central Sc 1760-Us +28
Name of the Vulnerable Software and Affected Versions: No specific software name or versions are mentioned in the provided descriptions. Description: An authenticated attacker with low privileges may use a SQL Injection vulnerability in the affected product's administration panel to gain read and...
The vulnerability of SINEC INS network infrastructure management software lies in the insufficient control over the size of log files created during operations. This allows attackers to trigger service interruptions.
The vulnerability of the SINEC INS network infrastructure management software is related to insufficient control over the size of the log files created. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...
CVE-2022-43935
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file...
CVE-2022-43937
Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a...
CVE-2022-43933
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. The supportsave file is generated by an admin user troubleshooting the switch. The logged information may include usernames and passwords...
CVE-2022-43937 Brocade SANnav Information Disclosure Vulnerability
Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a...
CVE-2022-43935 Switch passwords and authorization IDs are printed in the embedded MLS DB file
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file...
CVE-2022-43933 configuration secrets are logged in support-save
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. The supportsave file is generated by an admin user troubleshooting the switch. The logged information may include usernames and passwords...
Broadcom SANnav Security Vulnerability
Broadcom SANnav is a suite of SAN management platforms from Broadcom Corporation USA. A security vulnerability exists in Broadcom SANnav versions prior to 2.2.2, which stems from the presence of information disclosure through a log file vulnerability, where configuration secrets are recorded in...
CVE-2024-46891
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the system's resources an...
CVE-2024-47588
CVE-2024-47588 affects SAP NetWeaver Java (Software Update Manager 1.1). Under certain upgrade-error conditions, credentials are written in plaintext to a log file, enabling a local attacker (authenticated as a non-administrative user) to exfiltrate credentials from logs. The documented impact is...
CVE-2024-47588 Information Disclosure vulnerability in SAP NetWeaver Java (Software Update Manager)
In SAP NetWeaver Java Software Update Manager 1.1, under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the...
PT-2024-8709 · Siemens · Sinec Ins
Name of the Vulnerable Software and Affected Versions: SINEC INS versions prior to V1.0 SP2 Update 3 Description: A vulnerability has been identified in the affected application where it does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacke...
Git credentials are exposed in Atlantis logs
Summary: Atlantis logs contain GitHub credentials tokens ghs... when they are rotated. Thi...