380 matches found
Jenkins lambdatest-automation Plugin may expose Credentials access token
Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level. This can result in accidental exposure of the token through the default system log. lambdatest-automation Plugin 1.21.0 no longer logs LAMBDATEST Credentials access token...
Zyxel P660HN-T1A Routers Command Injection Vulnerability
Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user and exploited via the remotehost parameter of the ViewLog.asp page...
Moxa AWK-3121 Improper Access Control (CVE-2018-10691)
An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can download /systemlog.log the system log. However, the same functionality allows an attacker to download the file without any authentication or authorization. This plugin only works with Tenable.ot. Plea...
WordPress WP System Log Plugin < 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software WP System Log Type Plugin Vulnerable versions 1.2.2 Fixed in 1.2.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c875cf2db794 Credits Rafie Muhammad Patchstack Required...
Information disclosure
SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction. There is no ability to view any information or any...
CVE-2023-31405
SAP NetWeaver AS for Java (ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50) is affected by a log-injection vulnerability via unauthenticated network requests that can modify system logs without user interaction. The root cause is log injection from network input; there is no information disclosur...
CVE-2023-31405 Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer)
SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction. There is no ability to view any information or any...
SAP ERP 安全漏洞
SAP ERP is a series of software for ERP management from SAP, Germany. A security vulnerability exists in SAP ERP Defense Forces and Public Security, which arises from an authenticated attacker with administrator privileges being able to write arbitrary data to system log files...
CVE-2023-29772
A Cross-site scripting XSS vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request...
CVE-2023-29772
A Cross-site scripting XSS vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request...
PT-2023-22412 · Asus · Asus Rt-Ac51U
Name of the Vulnerable Software and Affected Versions: ASUS RT-AC51U wireless router firmware versions up to and including 3.0.0.4.380.8591 Description: A Cross-site scripting XSS vulnerability in the System Log/General Log page of the administrator web UI allows remote attackers to inject...
CVE-2023-1683
A vulnerability was found in Xunrui CMS 4.61 and classified as problematic. Affected by this issue is some unknown functionality of the file /dayrui/Fcms/View/systemlog.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to t...
PT-2023-17166 · Xunruicms · Xunruicms
Name of the Vulnerable Software and Affected Versions: Xunrui CMS version 4.61 Description: A vulnerability was found in Xunrui CMS, affecting some unknown functionality of the file /dayrui/Fcms/View/system log.html. This issue leads to information disclosure and can be exploited remotely...
CVE-2023-25282
A heap overflow vulnerability in D-Link DIR820LA1FW106B02 allows attackers to cause a denial of service via the config.logtosyslog and logoptdropPackets parameters to mydlinkapi.ccp...
Citrix Workspace App For Linux 2212 Credential Leak Vulnerability
The Citrix Linux client emits its session credentials when starting a Citrix session. These credentials end up being recorded in the client's system log. Citrix does not consider this to be a security vulnerability. Citrix Workspace App for Linux versions 2212 is affected. Citrix Linux client...
Citrix Workspace App For Linux 2212 Credential Leak
Citrix Linux client credential leak The Citrix Linux client emits its session credentials when starting a Citrix session. These credentials end up being recorded in the client's system log. Citrix do not consider this to be a security vulnerability. Software affected - Citrix Workspace App for...
OpenStack 安全漏洞
OpenStack is a cloud platform management program of the National Aeronautics and Space Administration NASA. OpenStack has a security vulnerability that stems from plain text passwords being saved in /var/log/messages...
GSD-2022-1006738 btrfs: scrub: properly report super block errors in system log
btrfs: scrub: properly report super block errors in system log This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...
PT-2022-34993 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue concerns the btrfs scrub feature, which fails to properly report super block errors in the system log. This could potentially lead to security vulnerabilities, although the actual...
CVE-2022-20278
In Accounts, there is a possible way to write sensitive information to the system log due to insufficient log filtering. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...