CVE-2025-59784

2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges...

Crestron Automate VX 安全漏洞

Crestron Automate VX is an enterprise-grade intelligent space automation platform with integrated AV control, IoT device management, and data analytics from Crestron USA. A security vulnerability exists in Crestron Automate VX versions 5.6.8161.21536 through 6.4.0.49, which stems from a remote we...

CVE-2024-13416

Using API in the 2N OS device, authorized user can enable logging, which discloses valid authentication tokens in system log. 2N has released an updated version 2.46 of 2N OS, where this vulnerability is mitigated. It is recommended that all customers update their devices to the latest 2N OS...

Python package "zhmcclient" stores passwords in clear text in its HMC and API logs

Impact The Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in the following cases: The 'boot-ftp-password' and 'ssc-master-pw' properties when creating or updating a partition in DPM mode, in the zhmcclient API and HMC logs The 'ssc-master-pw' a...

PT-2023-31412 · Elastic · App Search

Name of the Vulnerable Software and Affected Versions: Elastic App Search versions prior to 7.17.16 Elastic App Search versions prior to 8.11.2 Description: An issue was discovered in the Documents API of App Search where it logged the raw contents of indexed documents at INFO log level. This cou...

RHEL 8 : idm:DL1 (RHSA-2020:1269)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1269 advisory. Red Hat Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and...

dnsFookup - DNS Rebinding Toolkit

DNS Rebinding freamwork containing: a dns server obviously web api to create new subdomains and control the dns server, view logs, stuff like that shitty react app to make it even more comfy What does it do? It lets you create dns bins like a burp collaborator but it adds a bit more features... a...

Scientific Linux Security Update : ipa on SL7.x x86_64 (20200205)

Security Fixes : - ipa: Denial of service in IPA server due to wrong use of berscanf CVE-2019-14867 - ipa: Batch API logging user passwords to /var/log/httpd/errorlog CVE-2019-10195 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description...

Important: Red Hat Security Advisory: ipa security and bug fix update

An update for ipa is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

How to enable storage-specific API logging

Need to collect storage-specific API logging by Veeam Customer Support request...

vBulletin 4.x5.x - AdminCPApiLog via xmlrpc API (Authenticated) Persistent Cross-Site Scripting

vBulletin 4.x5.x - AdminCPApiLog via xmlrpc API Authenticated Persistent Cross-Site Scripting CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API post-auth ================================================================================================ Overview...

vBulletin 5.x / 4.x Persistent Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API post-auth ============================================================================ ==================== Overview - -------- date : 10/12/2014 cvss : 4.6...