CVE-2024-24272
An issue in iTop DualSafe Password Manager & Digital Vault before 1.4.24 allows a local attacker to obtain sensitive information via leaked credentials as plaintext in a log file that can be accessed by the local user without knowledge of the master secret...
PT-2024-20332 · Itop · Itop Dualsafe Password Manager & Digital Vault
Name of the Vulnerable Software and Affected Versions: iTop DualSafe Password Manager & Digital Vault versions prior to 1.4.24 Description: An issue in the software allows a local attacker to obtain sensitive information via leaked credentials as plaintext in a log file that can be accessed by th...
CVE-2024-24272
CVE-2024-24272 affects iTop DualSafe Password Manager & Digital Vault prior to 1.4.24. The issue allows a local attacker to obtain sensitive information (credentials) in plaintext via a log file accessible to a local user without knowledge of the master secret. The root cause is leakage of creden...
iTop DualSafe Password Manager & Digital Vault Security Vulnerability
iTop DualSafe Password Manager & Digital Vault is a password manager extension from iTop Inc. A security vulnerability exists in iTop DualSafe Password Manager & Digital Vault versions prior to 1.4.24, which originated from a vulnerability that allows a local attacker to gain access to sensitive...
CVE-2023-41877
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location ...
GeoServer log file path traversal vulnerability
Impact: This vulnerability requires a GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. This can be used to read files via the admin console GeoServer Logs page. It is also possible to leverage RCE or cause...
GHSA-8G7V-VJRC-X4G5 GeoServer log file path traversal vulnerability
Impact: This vulnerability requires a GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. This can be used to read files via the admin console GeoServer Logs page. It is also possible to leverage RCE or cause...
CVE-2023-41877 GeoServer log file path traversal vulnerability
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location ...
CVE-2023-41877
GeoServer path traversal vulnerability (CVE-2023-41877) affects GeoServer 2.23.4 and earlier. The issue requires GeoServer Administrator access to misconfigure the Global Settings for log file location, enabling an attacker to view logs via the GeoServer Logs page. The core impact includes potent...
Elspec G5 digital fault recorder security vulnerability
The Elspec G5 digital fault recorder is a digital fault recorder from Elspec, Israel, used to monitor and record fault events and waveform data in power systems. A security vulnerability exists in Elspec G5 digital fault recorder version 1.1.4.15 and earlier, which stems from a log file that...
GeoServer Path Traversal Vulnerability
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A path traversal vulnerability exists in GeoServer 2.23.4 and earlier versions, which stems from an administrator misconfiguring the log file, resulting in a path traversal vulnerabilit...
CVE-2024-23333
LDAP Account Manager (LAM) is a web frontend for managing entries stored in an LDAP directory. LAM's log configuration allows arbitrary paths to be specified for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...
DEBIAN-CVE-2024-23333
LDAP Account Manager (LAM) is a web frontend for managing entries stored in an LDAP directory. LAM's log configuration allows arbitrary paths to be specified for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...
Schneider Electric Easergy T200 Security Vulnerability
Schneider Electric Easergy T200 is an intelligent digital protection terminal from Schneider Electric France. It is mainly used for protection and control in power systems to help monitor and protect power equipment from faults and abnormal operations, thus ensuring stable operation of the power...
LDAP Account Manager Injection Vulnerability
LDAP Account Manager is a web front-end for managing entries (e.g. users, groups, DHCP settings) stored in LDAP directories. A security vulnerability exists in LDAP Account Manager LAM versions prior to 8.7, which stems from a logging configuration that allows arbitrary paths to be specified for lo...
CVE-2023-27502
Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2316.5.1.2 may allow an authenticated user to potentially enable information disclosure via local access...