27 matches found
EUVD-2020-8114
Malware in sbrugna...
EUVD-2020-8113
Malware in sbrugna...
EUVD-2022-1380
Malicious code in bioql PyPI...
SUSE CVE-2008-4951
dtc 0.29.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/awstats.log, b /tmp/spam.log., and c /tmp/spamerr.log temporary files, related to the 1 accesslog.php and 2 sa-wrapper scripts...
Exploit for Code Injection in Vmware Spring_Framework
CVE-2022-22965 CVE-2022-22965 EXP General environme...
Arbitrary Code Injection
accesslog is vulnerable to arbitrary code injection. The vulnerability exists in compile function in compile.js due to lack of sanitization of inputs which allows an attacker to inject and execute arbitrary javascript code...
Code injection in accesslog
All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If attacker-controlled user input is given to the format option of the package's exported constructor function, it is possible for an attacker to...
@superdev-official/buffet-angular (=1.0.11), apps-b-builder (>=0.1.0 <=0.4.3) +9 more potentially affected by CVE-2022-25760 via accesslog (=0.0.2)
accesslog NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on accesslog and may be impacted: - @superdev-official/buffet-angular =1.0.11 - apps-b-builder =0.1.0, =0.6.0, =3.1.0, =0.1.0, =2.0.0, =0.4.0, =0.1.0, =0.4.1, =0.5.0 Source cves:...
GHSA-8M2F-74R2-X3F2 Code injection in accesslog
All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If attacker-controlled user input is given to the format option of the package's exported constructor function, it is possible for an attacker to...
CVE-2022-25760
All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If attacker-controlled user input is given to the format option of the package's exported constructor function, it is possible for an attacker to...
CVE-2022-25760
All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If attacker-controlled user input is given to the format option of the package's exported constructor function, it is possible for an attacker to...
CVE-2022-25760
All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If attacker-controlled user input is given to the format option of the package's exported constructor function, it is possible for an attacker to...
accesslog 代码注入漏洞
accesslog is a simple generic/combined accesslog middleware from the individual developers at Starbuck Starfish in the United States. A security vulnerability exists in accesslog, which stems from a lack of filtering and escaping in the constructor. The vulnerability can be exploited to execute...
@superdev-official/buffet-angular (=1.0.11), apps-b-builder (>=0.1.0 <=0.4.3) +9 more potentially affected by CVE-2022-25760 via accesslog (=0.0.2)
accesslog NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on accesslog and may be impacted: - @superdev-official/buffet-angular =1.0.11 - apps-b-builder =0.1.0, =0.6.0, =3.1.0, =0.1.0, =2.0.0, =0.4.0, =0.1.0, =0.4.1, =0.5.0 Source cves:...
Arbitrary Code Injection
Overview accesslog is a simple common/combined access log middleware Affected versions of this package are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If attacker-controlled user input is given to the format option of the package...
Telmat AccessLog Privilege Vulnerability
Telmat AccessLog is an access log monitoring product from Telmat France. The product protects public and private networks based on access logs. A security vulnerability exists in Telmat AccessLog 6.0 TAL20180415 and prior versions, which stems from an incorrectly programmed call to an advanced...
Telmat AccessLog Code Injection Vulnerability
Telmat AccessLog is an access log monitoring product from Telmat France. The product protects public and private networks based on access logs. A code injection vulnerability exists in Telmat AccessLog versions prior to 6.0 TAL20180415, which arises from a network system or product not properly...
CVE-2020-16148
The ping page of the administration panel in Telmat AccessLog = 6.0 TAL20180415 allows an attacker to get root shell access via authenticated code injection over the network...
CVE-2020-16147
The login page in Telmat AccessLog = 6.0 TAL20180415 allows an attacker to get root shell access via Unauthenticated code injection over the network...
CVE-2020-16147
The login page in Telmat AccessLog = 6.0 TAL20180415 allows an attacker to get root shell access via Unauthenticated code injection over the network...