223 matches found
Logpoint Security Vulnerability
Logpoint is a network security application from the Danish company Logpoint. A security vulnerability in Logpoint versions prior to 7.4.0 allows an attacker to enumerate a list of valid usernames by observing the response time of the Forgot Passwor...
CVE-2024-33857
CVE-2024-33857 affects Logpoint before 7.4.0. Lack of input validation on URLs in threat intelligence allows a low-privilege attacker to trigger server-side request forgery (SSRF). CVSS v3.1: Critical (9.6) with network access, low attack complexity, low privileges, no user interaction; impac...
PT-2024-25513 · Logpoint · Logpoint
Name of the Vulnerable Software and Affected Versions: Logpoint versions prior to 7.4.0
Description: A path injection issue is present when adding a CSV enrichment source. The source name parameter can be modified to an absolute path, allowing the CSV file to be written to that path inside the /t...
CVE-2024-33860
An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary file path is used within the File System Collector. The content of the specified file can be viewed in the incoming logs...
CVE-2024-33859
An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS...
Logpoint Security Vulnerability
Logpoint is a network security application from the Danish company Logpoint. A security vulnerability exists in Logpoint versions prior to 7.4.0, which stems from a lack of input validation of URLs in threat intelligence, and allows an attacker with low-level access to the system to trigger...
PT-2024-25515 · Logpoint · Logpoint
Name of the Vulnerable Software and Affected Versions: Logpoint versions prior to 7.4.0
Description: An issue was discovered that allows Local File Inclusion (LFI) when an arbitrary file path is used within the File System Collector. The content of the specified file can be viewed in the incoming...
PT-2024-25511 · Logpoint · Logpoint
Name of the Vulnerable Software and Affected Versions: Logpoint versions prior to 7.4.0
Description: An issue was discovered in Logpoint where an attacker can enumerate a valid list of usernames by observing the response time at the "Forgot Password" endpoint.
Recommendations: For versions prior ...
CVE-2024-33860
Summary: CVE-2024-33860 affects Logpoint before 7.4.0. A Local File Inclusion (LFI) issue arises when an arbitrary file path is used in the File System Collector, allowing the contents of the specified file to appear in incoming logs. Impact: exposes file contents through log data; scope restri...
PT-2024-25512 · Logpoint · Logpoint
Name of the Vulnerable Software and Affected Versions: Logpoint versions prior to 7.4.0
Description: An issue was discovered due to a lack of input validation on URLs in threat intelligence. This allows an attacker with low-level access to the system to trigger Server Side Request Forgery...
Logpoint Security Vulnerability
Logpoint is a network security application from the Danish company Logpoint. A security vulnerability exists in Logpoint versions prior to 7.4.0, which stems from the fact that the sourcename parameter can be changed to an absolute path, which will write a CSV file to the tmp directory...
CVE-2024-33857
An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery...
PT-2024-25514 · Logpoint · Logpoint
Name of the Vulnerable Software and Affected Versions: Logpoint versions prior to 7.4.0
Description: An issue was discovered where HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS.
Recommendations: For versions prior to 7.4.0, update to version...
CVE-2024-33856
CVE-2024-33856 affects Logpoint before 7.4.0. An attacker can enumerate valid usernames by observing response times at the Forgot Password endpoint, indicating a timing-based leakage. Impact is account enumeration; no broader impact stated. Remediation: upgrade to Logpoint 7.4.0 or later; as a te...
CVE-2024-33856
An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint...
CVE-2024-33858
An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The sourcename parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory...
CVE-2024-33859
Summary: CVE-2024-33859 affects Logpoint versions prior to 7.4.0. The vulnerability arises from HTML code in logs not being escaped in the “Interesting Field” Web UI, enabling cross‑site scripting (XSS). Affected software: Logpoint before 7.4.0. Root cause: insufficient escaping in the Interestin...
CVE-2024-33858
CVE-2024-33858 affects Logpoint before 7.4.0. A path injection flaw occurs when adding a CSV enrichment source: the source_name parameter can be changed to an absolute path, enabling writing the CSV file to that path inside /tmp. This is a vulnerability in the enrichment source handling and could...