55 matches found
SolarWinds Kiwi Syslog NG < 1.3.1 Sensitive Information Disclosure (CVE-2024-45718)
According to its self-reported version, the SolarWinds Kiwi Syslog NG installation on the remote host is version 1.3 or earlier. It is, therefore, affected by a cleartext storage of sensitive information vulnerability. Sensitive data could be exposed to non-privileged users in a configuration fil...
EUVD-2021-21876
Malware in sbrugna...
EUVD-2021-21879
Malware in sbrugna...
EUVD-2021-21878
Malware in sbrugna...
EUVD-2021-21874
Malware in sbrugna...
EUVD-2021-21880
Malware in sbrugna...
SolarWinds Kiwi Syslog Server Installed (Windows)
Binary data solarwindskiwiwininstalled.nbin...
SolarWinds Kiwi Syslog Server NG 安全漏洞
SolarWinds Kiwi Syslog Server NG is an application from SolarWinds USA. A security vulnerability exists in SolarWinds Kiwi Syslog Server NG versions prior to 1.3.1, which stems from the fact that sensitive data may be exposed to unprivileged users in configuration files...
SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path Vulnerability
Exploit Title: SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Contact: email protected Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Vendor Homepage: https://www.kiwisyslog.com/ Softwar...
SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path
Exploit Title: SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path Date: 2024-07-31 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Vendor Homepage:...
SolarWinds Kiwi Syslog Server 9.6.7.1 Unquoted Service Path
Exploit Title: SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path Date: 2024-07-31 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Vendor Homepage:...
CVE-2021-35237
A missing HTTP header X-Frame-Options in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server...
CVE-2021-35237
A missing HTTP header X-Frame-Options in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server...
Design/Logic Flaw
A missing HTTP header X-Frame-Options in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server...
CVE-2021-35237 Clickjacking Vulnerability
A missing HTTP header X-Frame-Options in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server...
CVE-2021-35237
The CVE-2021-35237 entry describes a missing HTTP header (X-Frame-Options) in Kiwi Syslog Server, enabling clickjacking. Affected software: Kiwi Syslog Server; vulnerability is due to absence of the X-Frame-Options header in HTTP responses. Impact: potential user interaction manipulation via embe...
PT-2021-20859 · Unknown · Kiwi Syslog Server
Name of the Vulnerable Software and Affected Versions: Kiwi Syslog Server affected versions not specified Description: A missing HTTP header X-Frame-Options has left customers vulnerable to clickjacking. Clickjacking is an attack where an attacker uses a transparent iframe to trick a user into...
Solarwinds Kiwi Syslog Server 安全漏洞
Solarwinds Kiwi Syslog Server is an affordable Syslog management tool for network and system engineers from Solarwinds USA. It is used to receive syslog messages and Snmp traps from network devices routers, switches, firewalls, etc. and Linux®/Unix® hosts. A security vulnerability exists in Kiwi...
CVE-2021-35233
The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that was received in the response to the client...
CVE-2021-35236
The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted...