93 matches found
Syslog LogAnalyzer 3.6.5 - Stored XSS (Python Exploit)
No description provided by source. !/usr/bin/env python coding: utf-8 import os import syslog from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = '87249' ssvid version = '1.0' author = 'coc' vulDate = '' createDat...
CVE-2014-6070
Multiple cross-site scripting XSS vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in 1 index.php or 2 detail.php...
CVE-2014-6070
Multiple cross-site scripting XSS vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in 1 index.php or 2 detail.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in 1 index.php or 2 detail.php...
CVE-2014-6070
Summary (CVE-2014-6070): Adiscon LogAnalyzer prior to 3.6.6 is affected by cross-site scripting (XSS) via the hostname field used in index.php and detail.php. The root cause is improper sanitization of the hostname retrieved from log files, allowing an attacker to inject arbitrary HTML/JavaScript...
CVE-2014-6070
Multiple cross-site scripting XSS vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in 1 index.php or 2 detail.php...
CVE-2014-6070
Removed by vendor...
Syslog LogAnalyzer 3.6.5 - Stored XSS Exploit
Exploit for multiple platform in category web applications Vulnerability title: Syslog LogAnalyzer 3.6.5 Stored XSS Author: Dolev Farhi Contact: dolevf at yahoo dot com @dolevff Application: LogAnalyzer 3.6.5 Date: 8.2.2014 Relevant CVEs: CVE-2014-6070 Vulnerable version: alert"xss", and sending ...
LogAnalyzer 3.6.5 Cross Site Scripting Vulnerability
LogAnalyzer version 3.6.5 suffers from a cross site scripting vulnerability. Author: Dolev Farhi @dolevff Application: LogAnalyzer Date: 8.2.2014 Tested on: Red Hat Enterprise Linux 6.4 Relevant CVEs: CVE-2014-6070 1. About the application ------------------------ LogAnalyzer is a web interface t...
Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting (Python)
Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting Python Vulnerability title: Syslog LogAnalyzer 3.6.5 Stored XSS Author: Dolev Farhi Contact: dolevf at yahoo dot com @dolevff Application: LogAnalyzer 3.6.5 Date: 8.2.2014 Relevant CVEs: CVE-2014-6070 Vulnerable version: alert"xss", and...
LogAnalyzer 3.6.5 Cross Site Scripting
Author: Dolev Farhi @dolevff Application: LogAnalyzer Date: 8.2.2014 Tested on: Red Hat Enterprise Linux 6.4 Relevant CVEs: CVE-2014-6070 1. About the application ------------------------ LogAnalyzer is a web interface to syslog and other network event data. It provides easy browsing, analysis of...
Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting
Vulnerability title: Syslog LogAnalyzer 3.6.5 Stored XSS Author: Dolev Farhi Contact: dolevf at yahoo dot com @dolevff Application: LogAnalyzer 3.6.5 Date: 8.2.2014 Relevant CVEs: CVE-2014-6070 Vulnerable version: alert"xss", and sending an arbitrary syslog message, a client-side script injection...
LogAnalyzer asktheoracle.php 'query' Parameter XSS
The LogAnalyzer install hosted on the remote web server is affected by a cross-site scripting vulnerability due to a failure to properly sanitize user input to the 'query' parameter of the 'asktheoracle.php' script. An attacker can exploit this issue inject arbitrary HTML and script code into a...
LogAnalyzer userchange.php 'viewid' Parameter XSS
The LogAnalyzer install hosted on the remote web server is affected by a cross-site scripting vulnerability due to a failure to properly sanitize user input to the 'viewid' parameter of the 'userchange.php' script. An attacker can exploit this issue to inject arbitrary HTML and script code into a...
Log Analyzer 3.6.0 Cross Site Scripting
Title: ====== Log Analyzer 3.6.0 - Cross Site Scripting Vulnerability Date: ===== 2012-12-20 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=792 Vendor:...
Loganalyzer 3.6.0 Cross Site Scripting
Product: LogAnalyzer Version: 3.6.0 Vendor: www.adiscon.com Vulnerability type: Cross Site Scripting Risk level: Low Vendor notification: 2012-12-15 Patch Release: 2012-12-19 Public disclosure: 2012-12-20 Author: Mohd Izhar Bin Ali aka johncrackernet Website: http://johncrackernet.blogspot.com...
Log Analyzer 3.6.0 - Cross Site Scripting Vulnerability
Document Title: =============== Log Analyzer 3.6.0 - Cross Site Scripting Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=792 Vendor:...
LogAnalyzer index.php 'highlight' Parameter XSS
The LogAnalyzer install hosted on the remote web server is affected by a cross-site scripting vulnerability due to a failure to properly sanitize user input to the 'highlight' parameter of the 'index.php' script. An attacker can exploit this issue to inject arbitrary HTML and script code into a...
LogAnalyzer index.php 'filter' Parameter XSS
The LogAnalyzer install hosted on the remote web server is affected by a cross-site scripting vulnerability due to a failure to properly sanitize user input to the 'filter' parameter of the 'index.php' script. An attacker can exploit this issue to inject arbitrary HTML and script code into a user...
LogAnalyzer Detection
The remote web server hosts Adiscon LogAnalyzer, a monitoring application used to view Syslog messages and Windows Events via a web interface written in PHP. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid62122; scriptversion"1.4";...