7 matches found
CVE-2025-58580
An API endpoint allows arbitrary log entries to be created via POST request. Without sufficient validation of the input data, an attacker can create manipulated log entries and thus falsify or dilute logs, for example...
EUVD-2025-32499
An API endpoint allows arbitrary log entries to be created via POST request. Without sufficient validation of the input data, an attacker can create manipulated log entries and thus falsify or dilute logs, for example...
GHSA-3WWM-HJV7-23R3 Pyload log Injection via API /json/add_package in add_name parameter
Summary A log injection vulnerability was identified in pyload in API /json/addpackage. This vulnerability allows user with add packages permission to inject arbitrary messages into the logs gathered by pyload. Details pyload will generate a log entry when creating new package using API...
CVE-2015-3200
modauth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...
CVE-2015-3200
modauth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...
CVE-2015-3200
modauth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...
lighttpd -- Log injection vulnerability in mod_auth
MITRE reports: modauth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...