143 matches found
CVE-2011-1489
A memory leak in rsyslog before 5.7.6 was found in the way the daemon processed log messages when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message...
systemd: out-of-bounds read when parsing a crafted syslog message
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data...
CVE-2019-17041
An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this...
CVE-2019-17042
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If...
CVE-2019-17041
CVE-2019-17041 affects rsyslog. Connected sources confirm a heap overflow in the AIX log-message parser (contrib/pmaixforwardedfrom/pmaixforwardedfrom.c). The overflow occurs when lenMsg underflows after parsing a delimiter, leading to a heap overflow via memmove. Public notes corroborate a fixed...
"netScalerLoginFailure" SNMP trap received and log message appears in /var/log/ns.log on NetScaler when logging in using SSH Key based authentication
When SSH Key based authentication is being used, each time a user logs in and authentication is performed using the SSH key pair, the following symptoms may be observed: The following messages are seen in /var/log/ns.log: Mar 12 12:16:48 10.10.10.10 03/12/2019:12:16:48 GMT NetScaler 0-PPE-2 : defau...
OPENSUSE-SU-2019:0238-1 Security update for ansible
This update for ansible fixes the following issues: Security vulnerabilities fixed: - CVE-2018-16876: Respect nolog on retry and high verbosity (bsc1118896) - CVE-2018-16859: Windows - prevent sensitive content from appearing in scriptblock logging (bsc1116587) - CVE-2018-10855: Fixed the honouration...
CVE-2019-7351
Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value...
CVE-2019-7335
Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value...
UBUNTU-CVE-2019-7335
Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value...
DEBIAN-CVE-2019-7335
Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value...
Error: "Backup Failure: Could not find required XVA" on NetScaler SDX
After upgrading NetScaler SDX and NetScaler VPX firmware to any newer version, you will get daily notifications about backups failing. For example, the log message is as below: Local0.Error 10.xx.xx. svmevent: GMT : EVENT BACKUPFAILED : 127.0.0.1:BackupFailure: - Could not find required XVA for...
In XenMobile Server Command Line Console: the error shows a message "hrtimer: interrupt took * ns"
Opening the XenMobile Server console: The error shows a message "hrtimer: interrupt took ns": This is a system-level message; it is just an info log from the system. It is a generic warning from the kernel that some hardware interrupt took longer than expected to service...
Subversion 1.6.6/1.6.12 - Code Execution
This is an exploit for the subversion vulnerability published as CVE-2013-2088. Author: GlacierZ0ne [email protected] Exploit Type: Code Execution Access Type: Authenticated Remote Exploit Prerequisites: svn command line client available, subversion server exposes webdav through apache,...
MS15-083: Windows SMB memory corruption vulnerability analysis-vulnerability warning-the black bar safety net
On August 11, 2015, Microsoft released 14 security patches, which include an SMB Server patch. In this article I will explain how I trigger the vulnerability. Microsoft Security Bulletin MS15-083 In all of the repair patch, I“vulnerability in Server Message Block could allow remote code...
CVE-2015-3364
Cross-site scripting (XSS) vulnerability in the Content Analysis module before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log message...