442 matches found
SUSE CVE-2011-3267
PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors...
SUSE CVE-2011-4612
icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error log (error.log) via a crafted URL...
SUSE CVE-2013-0337
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files...
SUSE CVE-2016-1247
The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access...
SUSE CVE-2018-14624
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd t...
CVE-2022-3923 ActiveCampaign for WooCommerce < 1.9.8 - Subscriber+ Error Log Cleanup
The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have an authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated user, such as a subscriber, to call it and remove error logs...
ActiveCampaign for WooCommerce < 1.9.8 - Subscriber+ Error Log Cleanup
The plugin does not have an authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated user, such as a subscriber, to call it and remove error logs. Run the below command in the developer console of the web browser while being on the blog as a subscribe...
CVE-2022-3881
CVE-2022-3881 concerns the WordPress WPTools plugin, affected versions before 3.43. The issue is improper authorization and CSRF in an AJAX action, allowing any authenticated user (e.g., a subscriber) to install and activate arbitrary plugins from wordpress.org. Root cause: missing CSRF/authoriza...
CVE-2022-41618
Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress...
Spoofing
Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress...
CVE-2022-41618
The CVE-2022-41618 entry describes an Unauthenticated Error Log Disclosure in the WordPress Media Library Assistant plugin before or up to version 3.00. The issue arises from inadequate access controls, allowing unauthenticated users to access the plugin’s error log contents. Affected product: Wo...
CVE-2022-41618 WordPress Media Library Assistant plugin <= 3.00 - Unauthenticated Error Log Disclosure vulnerability
Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress...
Cross-site Scripting (XSS)
tribalsystems/zenario is vulnerable to cross-site scripting attacks. The vulnerability exists due to a lack of sanitization in the admin_organizer.js of the component error log module, allowing an attacker to inject and execute malicious JavaScript into the system...
Tribal Systems Zenario CMS vulnerable to Cross-site Scripting
A vulnerability has been found in Tribal Systems Zenario CMS prior to version 8.5.51340. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched remotely. The...
GHSA-F92P-F8R2-C87Q Tribal Systems Zenario CMS vulnerable to Cross-site Scripting
A vulnerability has been found in Tribal Systems Zenario CMS prior to version 8.5.51340. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched remotely. The...
CVE-2020-36608
A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched...
CVE-2020-36608 Tribal Systems Zenario CMS Error Log Module admin_organizer.js cross site scripting
A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched...
Zenario CMS cross-site scripting vulnerability
Zenario CMS is an open source application from Zenario that provides a web-based content management system. A security vulnerability exists in Zenario CMS that stems from some unknown functionality in admin_organizer.js of the Error Log module, which can lead to cross-site scripting...