Lucene search
K

93 matches found

seebug.org
seebug.org
added 2014/09/18 12:0 a.m.17 views

Syslog LogAnalyzer 3.6.5 - Stored XSS (Python Exploit)

No description provided by source. !/usr/bin/env python coding: utf-8 import os import syslog from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = '87249' ssvid version = '1.0' author = 'coc' vulDate = '' createDat...

7.1AI score
Exploits0
NVD
NVD
added 2014/09/11 2:16 p.m.19 views

CVE-2014-6070

Multiple cross-site scripting XSS vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in 1 index.php or 2 detail.php...

4.3CVSS5.7AI score0.03582EPSS
Exploits6References5
UbuntuCve
UbuntuCve
added 2014/09/11 2:16 p.m.15 views

CVE-2014-6070

Multiple cross-site scripting XSS vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in 1 index.php or 2 detail.php...

4.3CVSS5.9AI score0.03582EPSS
Exploits6References1
Prion
Prion
added 2014/09/11 2:16 p.m.13 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in 1 index.php or 2 detail.php...

4.3CVSS6AI score0.03582EPSS
Exploits6References5Affected Software1
CVE
CVE
added 2014/09/11 2:0 p.m.64 views

CVE-2014-6070

Summary (CVE-2014-6070): Adiscon LogAnalyzer prior to 3.6.6 is affected by cross-site scripting (XSS) via the hostname field used in index.php and detail.php. The root cause is improper sanitization of the hostname retrieved from log files, allowing an attacker to inject arbitrary HTML/JavaScript...

4.3CVSS5.7AI score0.03582EPSS
Exploits6References5Affected Software1
Cvelist
Cvelist
added 2014/09/11 2:0 p.m.27 views

CVE-2014-6070

Multiple cross-site scripting XSS vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in 1 index.php or 2 detail.php...

5.6AI score0.03582EPSS
Exploits6References5
Debian CVE
Debian CVE
added 2014/09/11 2:0 p.m.13 views

CVE-2014-6070

Removed by vendor...

4.3CVSS6.7AI score0.03582EPSS
Exploits6
0day.today
0day.today
added 2014/09/08 12:0 a.m.40 views

Syslog LogAnalyzer 3.6.5 - Stored XSS Exploit

Exploit for multiple platform in category web applications Vulnerability title: Syslog LogAnalyzer 3.6.5 Stored XSS Author: Dolev Farhi Contact: dolevf at yahoo dot com @dolevff Application: LogAnalyzer 3.6.5 Date: 8.2.2014 Relevant CVEs: CVE-2014-6070 Vulnerable version: alert"xss", and sending ...

7.1AI score0.03582EPSS
Exploits6
0day.today
0day.today
added 2014/09/04 12:0 a.m.34 views

LogAnalyzer 3.6.5 Cross Site Scripting Vulnerability

LogAnalyzer version 3.6.5 suffers from a cross site scripting vulnerability. Author: Dolev Farhi @dolevff Application: LogAnalyzer Date: 8.2.2014 Tested on: Red Hat Enterprise Linux 6.4 Relevant CVEs: CVE-2014-6070 1. About the application ------------------------ LogAnalyzer is a web interface t...

4.3CVSS5.9AI score0.03582EPSS
Exploits6
exploitpack
exploitpack
added 2014/09/02 12:0 a.m.33 views

Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting (Python)

Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting Python Vulnerability title: Syslog LogAnalyzer 3.6.5 Stored XSS Author: Dolev Farhi Contact: dolevf at yahoo dot com @dolevff Application: LogAnalyzer 3.6.5 Date: 8.2.2014 Relevant CVEs: CVE-2014-6070 Vulnerable version: alert"xss", and...

4.3CVSS6.1AI score0.03582EPSS
Exploits6
Packet Storm
Packet Storm
added 2014/09/02 12:0 a.m.32 views

LogAnalyzer 3.6.5 Cross Site Scripting

Author: Dolev Farhi @dolevff Application: LogAnalyzer Date: 8.2.2014 Tested on: Red Hat Enterprise Linux 6.4 Relevant CVEs: CVE-2014-6070 1. About the application ------------------------ LogAnalyzer is a web interface to syslog and other network event data. It provides easy browsing, analysis of...

4.3CVSS6.5AI score0.03582EPSS
Exploits6
Exploit DB
Exploit DB
added 2014/09/02 12:0 a.m.30 views

Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting

Vulnerability title: Syslog LogAnalyzer 3.6.5 Stored XSS Author: Dolev Farhi Contact: dolevf at yahoo dot com @dolevff Application: LogAnalyzer 3.6.5 Date: 8.2.2014 Relevant CVEs: CVE-2014-6070 Vulnerable version: alert"xss", and sending an arbitrary syslog message, a client-side script injection...

4.3CVSS6.5AI score0.03582EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2013/03/05 12:0 a.m.24 views

LogAnalyzer asktheoracle.php 'query' Parameter XSS

The LogAnalyzer install hosted on the remote web server is affected by a cross-site scripting vulnerability due to a failure to properly sanitize user input to the 'query' parameter of the 'asktheoracle.php' script. An attacker can exploit this issue inject arbitrary HTML and script code into a...

5.7AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/02/06 12:0 a.m.24 views

LogAnalyzer userchange.php 'viewid' Parameter XSS

The LogAnalyzer install hosted on the remote web server is affected by a cross-site scripting vulnerability due to a failure to properly sanitize user input to the 'viewid' parameter of the 'userchange.php' script. An attacker can exploit this issue to inject arbitrary HTML and script code into a...

5.7AI score
Exploits0References1
Packet Storm
Packet Storm
added 2012/12/28 12:0 a.m.24 views

Log Analyzer 3.6.0 Cross Site Scripting

Title: ====== Log Analyzer 3.6.0 - Cross Site Scripting Vulnerability Date: ===== 2012-12-20 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=792 Vendor:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2012/12/20 12:0 a.m.17 views

Loganalyzer 3.6.0 Cross Site Scripting

Product: LogAnalyzer Version: 3.6.0 Vendor: www.adiscon.com Vulnerability type: Cross Site Scripting Risk level: Low Vendor notification: 2012-12-15 Patch Release: 2012-12-19 Public disclosure: 2012-12-20 Author: Mohd Izhar Bin Ali aka johncrackernet Website: http://johncrackernet.blogspot.com...

7.4AI score
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2012/12/20 12:0 a.m.33 views

Log Analyzer 3.6.0 - Cross Site Scripting Vulnerability

Document Title: =============== Log Analyzer 3.6.0 - Cross Site Scripting Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=792 Vendor:...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/09/17 12:0 a.m.20 views

LogAnalyzer index.php 'highlight' Parameter XSS

The LogAnalyzer install hosted on the remote web server is affected by a cross-site scripting vulnerability due to a failure to properly sanitize user input to the 'highlight' parameter of the 'index.php' script. An attacker can exploit this issue to inject arbitrary HTML and script code into a...

4.3CVSS5.7AI score0.01247EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2012/09/17 12:0 a.m.19 views

LogAnalyzer index.php 'filter' Parameter XSS

The LogAnalyzer install hosted on the remote web server is affected by a cross-site scripting vulnerability due to a failure to properly sanitize user input to the 'filter' parameter of the 'index.php' script. An attacker can exploit this issue to inject arbitrary HTML and script code into a user...

5.9AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2012/09/17 12:0 a.m.14 views

LogAnalyzer Detection

The remote web server hosts Adiscon LogAnalyzer, a monitoring application used to view Syslog messages and Windows Events via a web interface written in PHP. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid62122; scriptversion"1.4";...

5.5AI score
Exploits0References1
Rows per page
Query Builder