4561 matches found
CVE-2002-1694
Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running...
CVE-2001-1494
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command...
CVE-2005-1909
The web server control panel in 602LAN SUITE 2004 allows remote attackers to make it more difficult for the administrator to read portions of log files via a "!-" sequence in an HTTP GET request in the logon, possibly due to a cross-site scripting (XSS) vulnerability...
Logwatch 2.6 Secure Script - Denial of Service
Logwatch 2.6 Secure Script - Denial of Service. Source: https://www.securityfocus.com/bid/13273/info Logwatch is prone to a denial of service vulnerability in the secure script. This issue may be exploited by a local attacker who can inject a malicious string into a log file, causing a denial of service...
Moderate: Red Hat Security Advisory: logwatch security update
An updated logwatch package that fixes a denial of service issue is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. LogWatch is a customizable log analysis system. LogWatch parses through your system's logs for a given period of...
[SA14861] AN HTTPD cmdIS.DLL Buffer Overflow and Log File Injection
TITLE: AN HTTPD cmdIS.DLL Buffer Overflow and Log File...
CVE-2005-0480
Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and earlier allows remote attackers to inject arbitrary HTML or web script via the login request, which is recorded in a log file but not properly handled when the administrator views the log file...
CVE-2005-0694
Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under the web root, which allows remote attackers to obtain sensitive information via a direct request to HCDiskQuotaService.csv...
gProFTPD (ProFTPD FTP server monitoring tool) format string bug
Format string bug during server log file parsing...
CVE-2004-1513
The CVE-2004-1513 entry concerns 04WebServer 1.42, where log-writing data is not properly filtered, allowing remote attackers to inject carriage return characters and spoof log entries. The issue affects the logging component, enabling log tampering without affecting other content. The provided s...
CVE-2005-0481
TrackerCam 5.12 and earlier allows remote attackers to read log files via the fn parameter in a direct request to the ComGetLogFile.php3 script...
CVE-2004-1513
04WebServer 1.42 does not adequately filter data that is written to log files, which could allow remote attackers to inject carriage return characters into the log file and spoof log entries...
CVE-2005-0481
TrackerCam 5.12 and earlier is affected. A remote attacker can read log files by supplying a fn parameter to the ComGetLogFile.php3 script. The affected component is the ComGetLogFile.php3 endpoint of TrackerCam; root cause details are not specified in the provided documents. Impact is partial co...
AWStats 5.x/6.x - Logfile Remote Command Execution
AWStats 5.x/6.x - Logfile Remote Command Execution. Source: https://www.securityfocus.com/bid/12572/info AWStats is reported prone to a remote arbitrary command-execution vulnerability. This issue occurs because the application fails to properly sanitize user-supplied data. Specifically, the...
AWStats: Remote code execution
Background: AWStats is an advanced log file analyzer and statistics generator. Description: When 'awstats.pl' is run as a CGI script, it fails to validate specific inputs which are used in a Perl open function call. Furthermore, a user could read log file content even when plugin rawlog was not...
[NEWS] Multiple Vulnerabilities in Netgear FVS318 Router
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
[Full-Disclosure] Minis directory traversal vulnerability
Title: Minis directory traversal vulnerability Vulnerability discovery: Madelman madelman AT iname.com Date: 31/12/2004 Severity: Moderate Summary: from vendor site: http://minis.sourceforge.net/ Minis is a tiny, PHP-powered, text-file base...