15 matches found
EUVD-2014-9042
Malware in sbrugna...
Cross-site Scripting (XSS)
org.graylog2:graylog2-server is vulnerable to Cross-site Scripting (XSS). The vulnerability stems from insecure input handling: malicious HTML forms can be injected and submitted via the Event Definition Remediation Step field, which can result in session cookie theft under specific...
PT-2025-20319 · Maven · Org.Graylog2:Graylog2-Server
Impact: Two minor vulnerabilities were identified in the Graylog2 enterprise server, which can be combined to carry out a stored cross-site scripting attack. An attacker with the permission FILES CREATE can exploit these vulnerabilities to upload arbitrary JavaScript code to the Graylog2 server,...
Authentication Bypass
org.graylog2:graylog2-server is vulnerable to Authentication Bypass. The vulnerability is due to HTTP Inputs not correctly rejecting messages when a specified header is missing or has an incorrect value, allowing the message to be ingested despite returning a 401 HTTP response...
Fedora 37 : golang-github-docker / golang-github-graylog2-gelf (2023-6b9e2a6534)
The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-6b9e2a6534 advisory. golang-github-graylog2-gelf-2.0.0-5.20201111git1550ee6.fc37 was not in F37 because was override with...
DNS Cache Poisoning
graylog2-server is vulnerable to DNS Cache Poisoning. The vulnerability exists because the library uses a single source port for DNS queries, leading to cache poisoning attacks...
Session Fixation
graylog2-server is vulnerable to Session Fixation. The vulnerability exists because a node may still have the session cached even when a user has explicitly logged out, which allows the session to still be used for API requests until it has reached its original expiry time...
Fedora: Security Advisory for golang-github-graylog2-gelf (FEDORA-2023-6b9e2a6534)
The remote host is missing an update for the...
Graylog2 LDAP Authentication Bypass Vulnerability
The remote version of Graylog2 is affected by a vulnerability that allows remote attackers, using crafted wildcards, to bypass the authentication mechanisms when the installation is configured to use LDAP authentication.
Graylog2 Default Credentials
The remote host is running Graylog2, a log collection and analysis system, which is using a known set of default credentials.
Graylog2 Web Interface Detection
Binary data graylog2webinterfacedetect.nbin...
CVE-2014-9217
Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards...
Authentication flaw
Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards...
CVE-2014-9217
Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards...
CVE-2014-9217
CVE-2014-9217 affects Graylog2 prior to 0.92, where remote attackers can bypass LDAP authentication by using crafted wildcards when LDAP is configured. The vulnerability enables an authentication bypass on affected installations; no other impacts are described in the provided documents. Affected ...