31 matches found
CVE-2022-38248
Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting XSS vulnerabilities at auditlog.php...
UBUNTU-CVE-2022-38248
Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting XSS vulnerabilities at auditlog.php...
EUVD-2022-40840
Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting XSS vulnerabilities at auditlog.php...
Nagios XI 跨站脚本漏洞
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI versions prior to v5.8.7, which stems from a discovery on...
CVE-2017-6340
Trend Micro InterScan Web Security Virtual Appliance IWSVA 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. Additionally, IWSVA implements incorrect access control that...
CVE-2017-6340
CVE-2017-6340 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 prior to CP 1746. The issue is an XSS vulnerability in rest/commonlog/report/template name due to improper sanitization, compounded by weak access controls that let authenticated remote users with low privilege...
CVE-2017-3822
A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense FTD Firepower Device Manager FDM could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log. This vulnerability affects Cisco Firepower Threat Defense Software versions 6.1.x on the...
search-guard in Elasticsearch 2.3 use-vulnerability warning-the black bar safety net
Reference content: http://kibana.logstash.es/content/elasticsearch/auth/searchguard-2.html https://groups.google.com/forum/! forum/search-guard https://github.com/floragunncom/search-guard This article is based on the following software versions, different versions may have slightly differences:...
ModSecurity v2.8.0 - Open Source Web Application Firewall
ModSecurity ™is an open source, free web application firewall WAF Apache module. With over 70% of all attacks now carried out over the web application level, organizations need all the help they can get in making their systems secure. Changelog v2.8.0 Bug fix Build issue: Now using autotools to...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Opsview before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the 1 id parameter to admin/auditlog/, 2 PATHINFO to info/host/ or 3 viewport/, 4 back parameter to login, or 5 "from" parameter to status/service/recheck...
CVE-2012-0421
The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file...