844 matches found
CVE-2020-6261
SAP Solution Manager (Trace Analysis) 7.20 is affected. The issue allows log injection into the trace file due to incomplete XML validation, impairing readability of trace files. No explicit remediation or patch version is provided in the connected documents. References point to SAP notes/wiki en...
Log Injection
generator-jhipster is vulnerable to log injection. The vulnerability is possible because it uses public API for creating log entries for invalid password reset attempts to the user-provided emails during jwt or session authentication, allowing an attacker to forge log entries...
PT-2020-14368 · Zyxel · Zyxel Cloudcnm Secumanager
Name of the Vulnerable Software and Affected Versions: Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1 Description: The issue allows escape-sequence injection into the /var/log/axxmpp.log file. This is related to the API endpoint /var/log/axxmpp.log, but specific vulnerable parameters or...
GHSA-PFXF-WH96-FVJC Log Forging in generator-jhipster-kotlin
Impact We log the mail for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem affects only application generated with jwt...
Log Forging in generator-jhipster-kotlin
Impact We log the mail for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem affects only application generated with jwt...
CVE-2020-5304
The dashboard in WhiteSource Application Vulnerability Management AVM before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data...
CVE-2020-5304
The dashboard in WhiteSource Application Vulnerability Management AVM before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data...
Code injection
The dashboard in WhiteSource Application Vulnerability Management AVM before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data...
CVE-2020-5304
CVE-2020-5304 affects WhiteSource Application Vulnerability Management (AVM) prior to version 20.4.1. The vulnerability allows log injection by sending a %0A%0D substring in the idp parameter to the /saml/login URI, which can close the current log and create a new log line with attacker-controlle...
CVE-2020-5304
The dashboard in WhiteSource Application Vulnerability Management AVM before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data...
CVE-2020-1996
A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log fil...
CVE-2020-1996 PAN-OS: Panorama management server log injection
A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log fil...
PAN-OS: Panorama management server log injection
A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log fil...
BTC Public Chain Log Injection Vulnerability
Bitcoin is an e-currency created with open source P2P software. A security vulnerability exists in bitcoind and Bitcoin-Qt versions prior to 0.17.1. An attacker can exploit the vulnerability by injecting arbitrary data into debug logs with the help of RPC calls...
Log Injection
util-linux is vulnerable to log injection. The vulnerability exists in util-linux when logging log in attempts via the audit subsystem of the Linux kernel. A remote attacker could use this flaw to modify certain parts of logged events, possibly hiding their activities on a system...
CVE-2018-20586
bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call...
Design/Logic Flaw
In OSSEC-HIDS 2.7 through 3.5.0, the OSCleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines \n are permitted in messages processed by ossec-analysisd, i...
Log injection in SimpleSAMLphp
Background SimpleSAMLphp has a logging functionality that allows system administrators to keep track of the activity, errors, and statistics. Additionally, it allows users to report errors, shall they happen. An error report contains a report identifier, which is logged once submitted. Descriptio...
GHSA-6GC6-M364-85WW Log injection in SimpleSAMLphp
Background SimpleSAMLphp has a logging functionality that allows system administrators to keep track of the activity, errors, and statistics. Additionally, it allows users to report errors, shall they happen. An error report contains a report identifier, which is logged once submitted. Descriptio...
CVE-2020-5225
Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...