17 matches found
EUVD-2026-30549
GitHub CLI: GitHub Actions log output in gh run view allows terminal escape sequence injection...
CVE-2025-61649
Technical details about CVE-2025-61649 are not publicly available in the provided documents. Monitor for updates from the listed sources (NVD/Red Hat/CVE listings) for affected software, impact, and fixes.
CVE-2025-61649 UserInfoCard: Check that performing user has permission to view log entries for number of past blocks
Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from 7cedd58781d261f110651b6af4f41d2d11ae7309...
EUVD-2004-2062
Malware in sbrugna...
PT-2025-1972 · WordPress · W2S – Migrate Woocommerce To Shopify
Name of the Vulnerable Software and Affected Versions: W2S – Migrate WooCommerce to Shopify plugin for WordPress versions up to, and including, 1.2.1 Description: The issue allows authenticated attackers with Subscriber-level access and above to read the contents of arbitrary files on the server...
DEBIAN-CVE-2022-39285
ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability XSS by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the...
UBUNTU-CVE-2022-39285
ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability XSS by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the...
CVE-2022-39285
ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability XSS by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the...
VulnCheck KEV: CVE-2017-18368
Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user and exploited via the remotehost parameter of the ViewLog.asp page...
UBUNTU-CVE-2019-7339
POST - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log log.php because proper filtration is omitted...
FreeBSD : cacti -- multiple vulnerabilities (db570002-ce06-11e7-804e-c85b763a2f96)
cacti reports : Changelog issue1057: CVE-2017-16641 - Potential vulnerability in RRDtool functions issue1066: CVE-2017-16660 in remoteagent.php logging function issue1066: CVE-2017-16661 in view log file issue1071: CVE-2017-16785 in globalsession.php Reflection XSS %NASLMINLEVEL 70300 C Tenable...
[SECURITY] Fedora 24 Update: websvn-2.3.3-13.fc24
WebSVN offers a view onto your subversion repositories that's been designed to reflect the Subversion methodology. You can view the log of any file or directory and see a list of all the files changed, added or deleted in any given revision. You can also view the differences between two versions ...
CVE-2012-4940
CVE-2012-4940 describes directory traversal vulnerabilities in Axigen Mail Server’s View Log Files component, allowing unauthenticated (per CERT entry) or authenticated users to read or delete arbitrary files via dot-dot sequences in the fileName parameter (download, edit, or delete actions) to t...
Cross site scripting
Cross-site scripting XSS vulnerability in Ipswitch WSFTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration interface. NOTE: this can be leveraged to creat...
CVE-2004-2070
The Altiris Client Service for Windows 5.6 SP1 Hotfix E 5.6.181 allows local users to execute arbitrary commands by opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2005-1590...
easyfile12.txt
Vulnerabilities in Easy File Sharing Web Server 1.2 NEW. +-----------------------------+ Vendor: www.sharing-file.com Version: 1.2 new Date: Sep 22, 2003 Size: 2115KB Mini-description: "Easy File Sharing Web Server contains several built-in systems including HTTP Web Server,multi-threads database...
Inso DynaWeb HTTPd 3.1/4.0.2/4.1 - Format String
// source: https://www.securityfocus.com/bid/5384/info Inso DynaWeb webserver, dwhttpd, is used as a subcomponent in products such as Sun's AnswerBook2, which is shipped as part of the Solaris operating environment. The dwhttpd webserver is prone to a remotely exploitable format-string...