168 matches found
CVE-2024-47252
Insufficient escaping of user-supplied data in modssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to log variables...
MAL-2025-4882 Malicious code in server-log-engine (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 98c5b185c67de0bfe5bcf39953a89a1ffcb666e055d24d971a6926437a672f1d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in server-log-engine (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 98c5b185c67de0bfe5bcf39953a89a1ffcb666e055d24d971a6926437a672f1d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-38133
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases...
CVE-2018-1000633
The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in User's password being revealed. Attacker can log in as that user. This attack appear to be exploitable vi...
CVE-2011-2758
IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server TDS 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not require authentication for access to LDAP Server log files, which allows remote attackers to obtain sensitive information via a crafted URL...
CVE-2002-2389
TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files...
CVE-2024-49355
IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature...
CVE-2024-8097
CVE-2024-8097 affects Payara Server (Logging modules): credentials posted in plain text may be exposed in server logs. Affected versions include 4.1.2.191.0–4.1.2.191.50, 5.20.0–5.67.0, 5.2020.2–5.2022.5, 6.0.0–6.18.0, and 6.2022.1–6.2024.9. Upgrade to fixed releases (e.g., 4.1.2.191.50+, 5.67.0+...
OSTE-Web-Log-Analyzer - Automate The Process Of Analyzing Web Server Logs With The Python Web Log Analyzer
Automate the process of analyzing web server logs with the Python Web Log Analyzer. This powerful tool is designed to enhance security by identifying and detecting various types of cyber attacks within your server logs. Stay ahead of potential threats with features that include: Features 1. Attac...
PVS server cannot logon database with Error "The Login is from an Untrusted Domain and Cannot ..."
PVS server console cannot be launched with error: "The database login failed." SQL server log error: "Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication." "SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection...
CVE-2023-0595
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port default 443. Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert...
SUSE CVE-2016-5437
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log...
SUSE CVE-2018-19960
The debugmode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshareserver.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname...
CVE-2023-23286
Cross Site Scripting XSS vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form...
Cross site scripting
Cross Site Scripting XSS vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form...
PT-2023-18887 · Unknown · Provide Server
Name of the Vulnerable Software and Affected Versions: Provide server version 14.4 Description: The issue allows attackers to execute arbitrary code through the server-log via the username field from the login form. This is a Cross Site Scripting XSS issue. Recommendations: For Provide server...
[SECURITY] Fedora 36 Update: awstats-7.8-9.fc36
Advanced Web Statistics is a powerful and full-featured tool that generates advanced web server graphical statistics. This server log analyzer works from the command line or as a CGI and shows all information your log contains, in graphical web pages. It can analyze a lot of web/wap/proxy servers...
Security Bulletin: Vulnerability due to Server log files exposure affects IBM License Metric Tool v9 and IBM BigFix Inventory v9 (CVE-2016-8963)
Summary IBM License Metric Tool v9 and IBM BigFix Inventory v9 Server log files can potentially reveal sensitive information. Vulnerability Details CVEID: CVE-2016-8963 DESCRIPTION: IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user...
CVE-2022-38133
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases...