16 matches found
PT-2026-32675
Name of the Vulnerable Software and Affected Versions PowerChute Serial Shutdown affected versions not specified Description Improper validation of specified quantity in input occurs when a Web Admin user alters the payload of the 'POST /logsettings' request. This issue can lead to Event and Data...
EUVD-2025-179248
Malicious code in double-grid-resolve-data-log npm...
EUVD-2024-52815
Malicious code in bioql PyPI...
CVE-2025-24520
Insertion of sensitive information into log file for some IntelR Local Manageability Service software before version 2514.7.16.0 may allow an authenticated user to potentially enable information disclosure via local access...
JVN#07825095: "region PAY" App for Android vulnerable to insertion of sensitive information into log file
"region PAY" App for Android provided by Gift Pad Co.,Ltd. contains the following vulnerability. Insertion of sensitive information into log file CWE-532 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 2.4 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score 2.4...
CVE-2020-11833
In /SM8250QMaster/android/vendor/oppocharger/oppo/chargeric/oppomp2650.c, the function mp2650datalogwrite in mp2650datalogwrite does not check the parameter len which causes a vulnerability...
Biscuit 安全漏洞
Biscuit is a delegated, decentralized, capability-based authorization token from biscuit-auth open source. A security vulnerability exists in Biscuit that stems from a data log that allows a malicious user to trick a third-party authority into generating a key pair with the wrong trust via a forg...
Osprey Pump Controller 操作系统命令注入漏洞
Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01, which stems from the presence of an operating system command injection vulnerability. An attacker can exploit this vulnerability to inject and execute arbitrary shell...
UBUNTU-CVE-2022-31291
An issue in dltconfigfileparser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets...
Design/Logic Flaw
In /SM8250QMaster/android/vendor/oppocharger/oppo/chargeric/oppomp2650.c, the function mp2650datalogwrite in mp2650datalogwrite does not check the parameter len which causes a vulnerability...
Linux kernel buffer error vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A buffer error vulnerability exists in the Linux kernel, which originates in /SM8250QMaster/android/vendor/oppocharger/oppo/chargeric/oppomp2650.c The data log write function...
CVE-2019-9976
The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users...
PT-2019-12079 · Salicru · Slc-20-Cube3
Name of the Vulnerable Software and Affected Versions: Salicru SLC-20-cube35 devices running firmware version cs121-SNMP v4.54.82.130611 Description: A reflected HTML injection issue allows remote attackers to inject arbitrary HTML elements via specific API endpoints, including /DataLog.csv?log=,...
Information disclosure
GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/yearmonthday.log...
CVE-2018-12604
GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/yearmonthday.log...
Design/Logic Flaw
Orion Application Server 2.0.7 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...