29 matches found
CVE-2024-52891
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralization...
CVE-2024-8297
Summary: CVE-2024-8297 affects kitsada8621 Digital Library Management System v1.0. The vulnerability lies in the function JwtRefreshAuth within middleware/jwt_refresh_token_middleware.go, where manipulation of the Authorization parameter leads to improper output neutralization for logs. This iss...
PYSEC-2024-271
corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...
CVE-2024-1681
corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...
CVE-2024-0987 Sichuan Yougou Technology KuERP log neutralization for logs
A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected is an unknown function of the file /runtime/log. The manipulation leads to improper output neutralization for logs. The exploit has been disclosed to the public and may be used. The...
EcoStruxure Geo SCADA Expert security vulnerability
EcoStruxure Geo SCADA Expert is an integrated, scalable, and reliable Supervisory Control and Data Acquisition (SCADA) software. A security vulnerability exists in EcoStruxure Geo SCADA Expert that stems from an improper output neutralization issue with the device's logs, which can lead to incorrec...
PT-2023-10190 · Cisco · Opendns Openresolve
Name of the Vulnerable Software and Affected Versions: OpenDNS OpenResolve (affected versions not specified). Description: A problematic vulnerability has been found in OpenDNS OpenResolve, affecting an unknown part of the file resolverapi/endpoints.py. The manipulation leads to improper output...
PT-2022-25520 · Codeboxr · Codeboxr Cbx User Online & Last Login Plugin
Name of the Vulnerable Software and Affected Versions: codeboxr CBX User Online & Last Login Plugin (affected versions not specified). Description: A vulnerability was found in the codeboxr CBX User Online & Last Login Plugin, affecting the HTTP Header Handler component. The manipulation of the...
CVE-2022-22151
CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions fr...