Lucene search
+L

380 matches found

Github Security Blog
Github Security Blog
added 2023/10/25 6:32 p.m.24 views

Jenkins lambdatest-automation Plugin may expose Credentials access token

Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level. This can result in accidental exposure of the token through the default system log. lambdatest-automation Plugin 1.21.0 no longer logs LAMBDATEST Credentials access token...

6.5CVSS7.1AI score0.00363EPSS
Exploits0References4Affected Software1
CISA KEV Catalog
CISA KEV Catalog
added 2023/08/07 12:0 a.m.58 views

Zyxel P660HN-T1A Routers Command Injection Vulnerability

Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user and exploited via the remotehost parameter of the ViewLog.asp page...

10CVSS7.9AI score0.94508EPSS
In wildExploits2
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.12 views

Moxa AWK-3121 Improper Access Control (CVE-2018-10691)

An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can download /systemlog.log the system log. However, the same functionality allows an attacker to download the file without any authentication or authorization. This plugin only works with Tenable.ot. Plea...

7.5CVSS7.6AI score0.02411EPSS
Exploits1References5
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.9 views

WordPress WP System Log Plugin < 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Software WP System Log Type Plugin Vulnerable versions 1.2.2 Fixed in 1.2.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c875cf2db794 Credits Rafie Muhammad Patchstack Required...

6.8AI score0.00284EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/07/11 3:15 a.m.27 views

Information disclosure

SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction. There is no ability to view any information or any...

5CVSS5.2AI score0.00447EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/07/11 2:23 a.m.70 views

CVE-2023-31405

SAP NetWeaver AS for Java (ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50) is affected by a log-injection vulnerability via unauthenticated network requests that can modify system logs without user interaction. The root cause is log injection from network input; there is no information disclosur...

5.3CVSS5.2AI score0.00447EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/11 2:23 a.m.11 views

CVE-2023-31405 Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer)

SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction. There is no ability to view any information or any...

5.3CVSS6.7AI score0.00447EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/11 12:0 a.m.5 views

SAP ERP 安全漏洞

SAP ERP is a series of software for ERP management from SAP, Germany. A security vulnerability exists in SAP ERP Defense Forces and Public Security, which arises from an authenticated attacker with administrator privileges being able to write arbitrary data to system log files...

4.9CVSS5.6AI score0.00474EPSS
Exploits0References3
OSV
OSV
added 2023/05/02 1:15 p.m.4 views

CVE-2023-29772

A Cross-site scripting XSS vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request...

5.2CVSS6.2AI score0.11237EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/05/02 12:0 a.m.19 views

CVE-2023-29772

A Cross-site scripting XSS vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request...

5.3AI score0.11237EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/05/02 12:0 a.m.8 views

PT-2023-22412 · Asus · Asus Rt-Ac51U

Name of the Vulnerable Software and Affected Versions: ASUS RT-AC51U wireless router firmware versions up to and including 3.0.0.4.380.8591 Description: A Cross-site scripting XSS vulnerability in the System Log/General Log page of the administrator web UI allows remote attackers to inject...

5.2CVSS5.8AI score0.11237EPSS
Exploits1References4
OSV
OSV
added 2023/03/29 1:15 a.m.4 views

CVE-2023-1683

A vulnerability was found in Xunrui CMS 4.61 and classified as problematic. Affected by this issue is some unknown functionality of the file /dayrui/Fcms/View/systemlog.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to t...

7.5CVSS4.8AI score0.00497EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/03/29 12:0 a.m.10 views

PT-2023-17166 · Xunruicms · Xunruicms

Name of the Vulnerable Software and Affected Versions: Xunrui CMS version 4.61 Description: A vulnerability was found in Xunrui CMS, affecting some unknown functionality of the file /dayrui/Fcms/View/system log.html. This issue leads to information disclosure and can be exploited remotely...

7.5CVSS4.8AI score0.00497EPSS
Exploits1References9
OSV
OSV
added 2023/03/15 7:15 p.m.5 views

CVE-2023-25282

A heap overflow vulnerability in D-Link DIR820LA1FW106B02 allows attackers to cause a denial of service via the config.logtosyslog and logoptdropPackets parameters to mydlinkapi.ccp...

6.5CVSS6.6AI score0.01045EPSS
Exploits1References2
0day.today
0day.today
added 2023/01/18 12:0 a.m.330 views

Citrix Workspace App For Linux 2212 Credential Leak Vulnerability

The Citrix Linux client emits its session credentials when starting a Citrix session. These credentials end up being recorded in the client's system log. Citrix does not consider this to be a security vulnerability. Citrix Workspace App for Linux versions 2212 is affected. Citrix Linux client...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/17 12:0 a.m.343 views

Citrix Workspace App For Linux 2212 Credential Leak

Citrix Linux client credential leak The Citrix Linux client emits its session credentials when starting a Citrix session. These credentials end up being recorded in the client's system log. Citrix do not consider this to be a security vulnerability. Software affected - Citrix Workspace App for...

7.4AI score
Exploits0
CNNVD
CNNVD
added 2022/11/18 12:0 a.m.5 views

OpenStack 安全漏洞

OpenStack is a cloud platform management program of the National Aeronautics and Space Administration NASA. OpenStack has a security vulnerability that stems from plain text passwords being saved in /var/log/messages...

7.5CVSS7.2AI score0.00292EPSS
Exploits0References5
OSV
OSV
added 2022/11/14 6:36 p.m.12 views

GSD-2022-1006738 btrfs: scrub: properly report super block errors in system log

btrfs: scrub: properly report super block errors in system log This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.5 views

PT-2022-34993 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue concerns the btrfs scrub feature, which fails to properly report super block errors in the system log. This could potentially lead to security vulnerabilities, although the actual...

7.3AI score
Exploits0References1
OSV
OSV
added 2022/08/12 3:15 p.m.2 views

CVE-2022-20278

In Accounts, there is a possible way to write sensitive information to the system log due to insufficient log filtering. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

5.5CVSS5.9AI score0.00096EPSS
Exploits0References1
Rows per page
Query Builder