Lucene search
K

843 matches found

OSV
OSV
added 2020/01/24 9:15 p.m.13 views

CVE-2020-5225

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...

5.4CVSS7AI score
Exploits0References2
Prion
Prion
added 2020/01/24 9:15 p.m.19 views

Design/Logic Flaw

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...

5.5CVSS5.6AI score0.00653EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/01/24 9:15 p.m.3 views

UBUNTU-CVE-2020-5225

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...

5.4CVSS5.8AI score0.00653EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2020/01/24 9:15 p.m.21 views

CVE-2020-5225

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...

5.5CVSS6AI score0.00653EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/01/24 8:55 p.m.34 views

CVE-2020-5225 Log injection in SimpleSAMLphp

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...

4.4CVSS5.6AI score0.00653EPSS
Exploits0References2
CVE
CVE
added 2020/01/24 8:55 p.m.84 views

CVE-2020-5225

The CVE-2020-5225 issue affects SimpleSAMLphp up to version 1.18.3, where the www/errorreport.php endpoint did not sanitize the reportID parameter, allowing an attacker to inject newline characters and append arbitrary log lines when the file logging handler is used. This could lead to log inject...

5.5CVSS5.1AI score0.00653EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2020/01/24 8:55 p.m.15 views

CVE-2020-5225

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...

5.5CVSS5.6AI score0.00653EPSS
Exploits0
Snyk
Snyk
added 2019/11/26 3:15 a.m.4 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection. Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers t...

5.3CVSS7.2AI score0.01521EPSS
Exploits0References2
Prion
Prion
added 2019/10/17 6:15 p.m.17 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The renderedmessage column is retrieved and displayed, unsanitized, on Logs.jsp. A remote...

4.3CVSS6AI score0.01659EPSS
Exploits3References3Affected Software1
OSV
OSV
added 2019/07/05 8:15 p.m.2 views

CVE-2018-16386

An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection and an arbitrary log filename can be achieved via the PATHINFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error...

7.5CVSS5.9AI score0.01138EPSS
Exploits0References1
NVD
NVD
added 2019/07/05 8:15 p.m.15 views

CVE-2018-16386

An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection and an arbitrary log filename can be achieved via the PATHINFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error...

7.5CVSS7.6AI score0.01138EPSS
Exploits0References1
Prion
Prion
added 2019/07/05 8:15 p.m.14 views

Design/Logic Flaw

An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection and an arbitrary log filename can be achieved via the PATHINFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error...

5CVSS7.5AI score0.01138EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/07/05 7:58 p.m.346 views

CVE-2018-16386

SWIFT Alliance Web Platform 7.1.23 is affected. The issue is a log injection vulnerability where PATH_INFO to swp/login/EJBRemoteService/ can lead to arbitrary log filename and injection in error logs (null@java:comp/env/ error messages) as described in CVE-2018-16386 entries. The connected docum...

7.5CVSS7.5AI score0.01138EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/07/05 7:58 p.m.15 views

CVE-2018-16386

An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection and an arbitrary log filename can be achieved via the PATHINFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error...

7.6AI score0.01138EPSS
Exploits0References1
CNVD
CNVD
added 2019/06/19 12:0 a.m.5 views

Netdata Log Injection Vulnerability

Netdata is a real-time Linux performance monitoring tool. Netdata 1.10.0 suffers from a log injection vulnerability. The vulnerability can be exploited to conduct log injection attacks via the %0a sequence in the url parameter of api/v1/registry...

7.5CVSS7.3AI score0.02172EPSS
Exploits1References1
OSV
OSV
added 2019/06/18 4:15 p.m.14 views

CVE-2018-18838

An issue was discovered in Netdata 1.10.0. Log Injection or Log Forgery exists via a %0a sequence in the url parameter to api/v1/registry...

7.5CVSS6.9AI score
Exploits0References3
OSV
OSV
added 2019/06/18 4:15 p.m.2 views

DEBIAN-CVE-2018-18838

An issue was discovered in Netdata 1.10.0. Log Injection or Log Forgery exists via a %0a sequence in the url parameter to api/v1/registry...

7.5CVSS7.2AI score0.02172EPSS
Exploits1References1
Prion
Prion
added 2019/06/18 4:15 p.m.13 views

Sql injection

An issue was discovered in Netdata 1.10.0. Log Injection or Log Forgery exists via a %0a sequence in the url parameter to api/v1/registry...

5CVSS7.5AI score0.02172EPSS
Exploits1References3Affected Software1
UbuntuCve
UbuntuCve
added 2019/06/18 4:15 p.m.21 views

CVE-2018-18838

An issue was discovered in Netdata 1.10.0. Log Injection or Log Forgery exists via a %0a sequence in the url parameter to api/v1/registry...

7.5CVSS7.1AI score0.02172EPSS
Exploits1References5
OSV
OSV
added 2019/06/18 4:15 p.m.2 views

UBUNTU-CVE-2018-18838

An issue was discovered in Netdata 1.10.0. Log Injection or Log Forgery exists via a %0a sequence in the url parameter to api/v1/registry...

7.5CVSS7.1AI score0.02172EPSS
Exploits1References6
Rows per page
Query Builder