
223 matches found

Cvelist
added 2024/05/27 10:58 a.m. · 18 views

CVE-2024-36383

An issue was discovered in Logpoint SAML Authentication before 6.0.3. An attacker can place a crafted filename in the state field of a SAML SSO-URL response, and the file corresponding to this filename will ultimately be deleted. This can lead to a SAML Authentication login outage...

6.4 AI score · 0.00422 EPSS
Exploits 0 · References 1
CVE
added 2024/05/27 10:58 a.m. · 97 views

CVE-2024-36383

Vulnerability summary: Logpoint SAML Authentication before 6.0.3 is affected by an issue where an attacker can place a crafted filename in the state field of a SAML SSO URL response, leading to deletion of the corresponding file and a SAML login outage. This affects Logpoint SAML Authentication p...

5.3 CVSS · 6.7 AI score · 0.00422 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2024/05/27 10:58 a.m. · 14 views

CVE-2024-36383

An issue was discovered in Logpoint SAML Authentication before 6.0.3. An attacker can place a crafted filename in the state field of a SAML SSO-URL response, and the file corresponding to this filename will ultimately be deleted. This can lead to a SAML Authentication login outage...

6.8 AI score · 0.00422 EPSS
Exploits 0 · References 1
CNNVD
added 2024/05/27 12:0 a.m. · 3 views

Logpoint Security Vulnerability

Logpoint is a network security application from Logpoint Denmark. A security vulnerability exists in Logpoint SAML Authentication prior to version 6.0.3, which stems from a faulty authentication and may result in an interrupted authentication login...

5.3 CVSS · 6.9 AI score · 0.00422 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/05/27 12:0 a.m. · 5 views

PT-2024-3950 · Logpoint · Logpoint Saml Authentication

Name of the Vulnerable Software and Affected Versions: Logpoint SAML Authentication versions prior to 6.0.3 Description: An issue in Logpoint SAML Authentication allows an attacker to place a crafted filename in the state field of a SAML SSO-URL response. This can lead to the deletion of the file...

9.4 CVSS · 7.6 AI score · 0.00422 EPSS
Exploits 0 · References 5
OSV
added 2024/05/07 5:15 p.m. · 3 views

CVE-2024-33859

An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS...

6.1 CVSS · 5.9 AI score · 0.00311 EPSS
Exploits 0 · References 2
NVD
added 2024/05/07 5:15 p.m. · 16 views

CVE-2024-33859

An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS...

6.1 CVSS · 6.6 AI score · 0.00311 EPSS
Exploits 0 · References 2
NVD
added 2024/05/07 5:15 p.m. · 11 views

CVE-2024-33860

An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs...

6.5 CVSS · 6.7 AI score · 0.00446 EPSS
Exploits 0 · References 2
OSV
added 2024/05/07 5:15 p.m. · 4 views

CVE-2024-33860

An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs...

6.5 CVSS · 5.8 AI score · 0.00446 EPSS
Exploits 0 · References 2
OSV
added 2024/05/07 4:15 p.m. · 4 views

CVE-2024-33858

An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The sourcename parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory...

5.3 CVSS · 5.8 AI score
Exploits 0 · References 2
OSV
added 2024/05/07 4:15 p.m. · 1 views

CVE-2024-33856

An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint...

5.3 CVSS · 5.8 AI score · 0.0038 EPSS
Exploits 0 · References 2
OSV
added 2024/05/07 4:15 p.m. · 3 views

CVE-2024-33857

An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery...

9.6 CVSS · 5.8 AI score · 0.00396 EPSS
Exploits 0 · References 2
NVD
added 2024/05/07 4:15 p.m. · 11 views

CVE-2024-33858

An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The sourcename parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory...

5.3 CVSS · 6.7 AI score · 0.00487 EPSS
Exploits 0 · References 2
NVD
added 2024/05/07 4:15 p.m. · 6 views

CVE-2024-33856

An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint...

5.3 CVSS · 6.5 AI score · 0.0038 EPSS
Exploits 0 · References 2
NVD
added 2024/05/07 4:15 p.m. · 9 views

CVE-2024-33857

An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery...

9.6 CVSS · 6.5 AI score · 0.00396 EPSS
Exploits 0 · References 2
Cvelist
added 2024/05/07 12:0 a.m. · 19 views

CVE-2024-33859

An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS...

6.8 AI score · 0.00311 EPSS
Exploits 0 · References 2
CNNVD
added 2024/05/07 12:0 a.m. · 4 views

Logpoint Cross-Site Scripting Vulnerability

Logpoint is a network security application from the Danish company Logpoint. A cross-site scripting vulnerability exists in Logpoint versions prior to 7.4.0, which stems from HTML code sent via logs that is not escaped in Interesting Field's Web UI, resulting in cross-site scripting...

6.1 CVSS · 5.9 AI score · 0.00311 EPSS
Exploits 0 · References 3
Cvelist
added 2024/05/07 12:0 a.m. · 14 views

CVE-2024-33858

An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The sourcename parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory...

7 AI score · 0.00487 EPSS
Exploits 0 · References 2
Cvelist
added 2024/05/07 12:0 a.m. · 17 views

CVE-2024-33857

An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery...

6.7 AI score · 0.00396 EPSS
Exploits 0 · References 2
CNNVD
added 2024/05/07 12:0 a.m. · 2 views

Logpoint Security Vulnerability

Logpoint is a network security application from the Danish company Logpoint. A security vulnerability exists in Logpoint versions prior to 7.4.0 that stems from the ability to view the contents of a specified file in incoming logs when an arbitrary file path is used in the file system collector...

6.5 CVSS · 6.6 AI score · 0.00446 EPSS
Exploits 0 · References 3