4561 matches found
VulnCheck KEV: CVE-2023-21492
Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass...
Cisco Enterprise NFV Infrastructure Software Cross-Site Scripting Vulnerability (CNVD-2021-05522)
Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A cross-site scripting vulnerability exists in the web management interface ...
CVE-2021-1127
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to improper input...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to improper input...
CVE-2021-1127 Cisco Enterprise NFV Infrastructure Software Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to improper input...
CVE-2021-1127
Cisco Enterprise NFV Infrastructure Software (NFVIS) web-based management interface is affected by a cross-site scripting (XSS) vulnerability caused by improper input validation of log file contents. An authenticated attacker could modify a log file to include malicious code and persuade a user t...
CVE-2021-3032
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of...
Design/Logic Flaw
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of...
CVE-2021-3032
CVE-2021-3032 affects Palo Alto Networks PAN-OS: information exposure via logrcvr.log where configuration secrets for the http, email, and snmptrap v3 log forwarding server profiles may be logged. Affected are PAN-OS 8.1 before 8.1.18; 9.0 before 9.0.12; 9.1 before 9.1.4; 10.0 before 10.0.1. The ...
CVE-2021-3032 PAN-OS: Configuration secrets for log forwarding may be logged in system logs
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of...
Cisco Enterprise NFV Infrastructure Software Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to improper input...
Palo Alto Networks PAN-OS 8.1.x < 8.1.18 / 9.0.x < 9.0.12 / 9.1.x < 9.1.4 / 10.0.x < 10.0.1 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.18 or 9.0.x prior to 9.0.12 or 9.1.x prior to 9.1.4 or 10.0.x prior to 10.0.1. It is, therefore, affected by a vulnerability. - An information exposure through log file vulnerability exists in Palo Alto...
Directory Traversal in spring-boot-actuator-logview
Impact: The nature of this library is to expose a log file directory via admin spring boot actuator HTTP endpoints. Both the filename to view and a base folder relative to the logging folder root can be specified via request parameters. While the filename parameter was checked to prevent directory...
DELL Dell EMC Unity and UnityVSA Log Information Disclosure Vulnerability
Dell EMC Unity is a unified storage array product. The UnityVSA is a set of virtual Unity storage environments. An information disclosure vulnerability exists in Dell EMC Unity, Unity XT and UnityVSA versions prior to 5.0.4.0.5.012. The vulnerability stems from the program storing user credential...
Default credentials
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file such as debuglog.txt that contains all password-reset link...
CVE-2020-35234
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file such as debuglog.txt that contains all password-reset link...
IBM HTTP Server 8.5.0.0 <= 8.5.5.0 / 8.0.0.0 <= 8.0.0.6 / 7.0.0.0 <= 7.0.0.29 / 6.1.0.0 <= 6.1.0.45 (491411)
The version of IBM HTTP Server running on the remote host is affected by a vulnerability. mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute...
PT-2020-6819 · Samsung +1 · Samsung Mobile Devices +1
Name of the Vulnerable Software and Affected Versions: Samsung Mobile Devices versions prior to SMR MAR-2021 Release 1 Description: The issue is related to an improper access control vulnerability in the sec log file, which exposes sensitive kernel information to userspace. This vulnerability is...