843 matches found
CVE-2020-5225
Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...
Design/Logic Flaw
Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...
UBUNTU-CVE-2020-5225
Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...
CVE-2020-5225
Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...
CVE-2020-5225 Log injection in SimpleSAMLphp
Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...
CVE-2020-5225
The CVE-2020-5225 issue affects SimpleSAMLphp up to version 1.18.3, where the www/errorreport.php endpoint did not sanitize the reportID parameter, allowing an attacker to inject newline characters and append arbitrary log lines when the file logging handler is used. This could lead to log inject...
CVE-2020-5225
Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection. Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers t...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The renderedmessage column is retrieved and displayed, unsanitized, on Logs.jsp. A remote...
CVE-2018-16386
An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection and an arbitrary log filename can be achieved via the PATHINFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error...
CVE-2018-16386
An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection and an arbitrary log filename can be achieved via the PATHINFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error...
Design/Logic Flaw
An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection and an arbitrary log filename can be achieved via the PATHINFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error...
CVE-2018-16386
SWIFT Alliance Web Platform 7.1.23 is affected. The issue is a log injection vulnerability where PATH_INFO to swp/login/EJBRemoteService/ can lead to arbitrary log filename and injection in error logs (null@java:comp/env/ error messages) as described in CVE-2018-16386 entries. The connected docum...
CVE-2018-16386
An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection and an arbitrary log filename can be achieved via the PATHINFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error...
Netdata Log Injection Vulnerability
Netdata is a real-time Linux performance monitoring tool. Netdata 1.10.0 suffers from a log injection vulnerability. The vulnerability can be exploited to conduct log injection attacks via the %0a sequence in the url parameter of api/v1/registry...
CVE-2018-18838
An issue was discovered in Netdata 1.10.0. Log Injection or Log Forgery exists via a %0a sequence in the url parameter to api/v1/registry...
DEBIAN-CVE-2018-18838
An issue was discovered in Netdata 1.10.0. Log Injection or Log Forgery exists via a %0a sequence in the url parameter to api/v1/registry...
Sql injection
An issue was discovered in Netdata 1.10.0. Log Injection or Log Forgery exists via a %0a sequence in the url parameter to api/v1/registry...
CVE-2018-18838
An issue was discovered in Netdata 1.10.0. Log Injection or Log Forgery exists via a %0a sequence in the url parameter to api/v1/registry...
UBUNTU-CVE-2018-18838
An issue was discovered in Netdata 1.10.0. Log Injection or Log Forgery exists via a %0a sequence in the url parameter to api/v1/registry...