7 matches found
LogAnalyzer < 3.6.6 index.php / detail.php 'hostname' Parameter XSS
The LogAnalyzer install hosted on the remote web server is affected by a cross-site scripting vulnerability due to a failure to properly sanitize the 'hostname' value retrieved from log files. An attacker can exploit this issue to inject arbitrary HTML and script code into a user's browser to be...
CVE-2014-6070
Summary (CVE-2014-6070): Adiscon LogAnalyzer prior to 3.6.6 is affected by cross-site scripting (XSS) via the hostname field used in index.php and detail.php. The root cause is improper sanitization of the hostname retrieved from log files, allowing an attacker to inject arbitrary HTML/JavaScript...
Syslog LogAnalyzer 3.6.5 - Stored XSS Exploit
Exploit for multiple platform in category web applications Vulnerability title: Syslog LogAnalyzer 3.6.5 Stored XSS Author: Dolev Farhi Contact: dolevf at yahoo dot com @dolevff Application: LogAnalyzer 3.6.5 Date: 8.2.2014 Relevant CVEs: CVE-2014-6070 Vulnerable version: alert"xss", and sending ...
LogAnalyzer 3.6.5 Cross Site Scripting Vulnerability
LogAnalyzer version 3.6.5 suffers from a cross site scripting vulnerability. Author: Dolev Farhi @dolevff Application: LogAnalyzer Date: 8.2.2014 Tested on: Red Hat Enterprise Linux 6.4 Relevant CVEs: CVE-2014-6070 1. About the application ------------------------ LogAnalyzer is a web interface t...
LogAnalyzer 3.6.5 Cross Site Scripting
Author: Dolev Farhi @dolevff Application: LogAnalyzer Date: 8.2.2014 Tested on: Red Hat Enterprise Linux 6.4 Relevant CVEs: CVE-2014-6070 1. About the application ------------------------ LogAnalyzer is a web interface to syslog and other network event data. It provides easy browsing, analysis of...
Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting
Vulnerability title: Syslog LogAnalyzer 3.6.5 Stored XSS Author: Dolev Farhi Contact: dolevf at yahoo dot com @dolevff Application: LogAnalyzer 3.6.5 Date: 8.2.2014 Relevant CVEs: CVE-2014-6070 Vulnerable version: alert"xss", and sending an arbitrary syslog message, a client-side script injection...
Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting (Python)
Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting Python Vulnerability title: Syslog LogAnalyzer 3.6.5 Stored XSS Author: Dolev Farhi Contact: dolevf at yahoo dot com @dolevff Application: LogAnalyzer 3.6.5 Date: 8.2.2014 Relevant CVEs: CVE-2014-6070 Vulnerable version: alert"xss", and...