140 matches found
CVE-2020-35477
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox or a tags checkbox next to it, there i...
CVE-2020-35477
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox or a tags checkbox next to it, there i...
CVE-2020-35477
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox or a tags checkbox next to it, there i...
CVE-2020-35477
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox or a tags checkbox next to it, there i...
CVE-2020-35477
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox or a tags checkbox next to it, there i...
CVE-2020-35477
MediaWiki before 1.35.1 is affected by CVE-2020-35477. In certain flows (MediaWiki:Mainpage set to Special:MyLanguage/Main Page; visiting a log entry on Special:Log; and using the Change visibility of selected log entries toggle), a redirect to the main page history submit action occurs, instead ...
CVE-2020-35477
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox or a tags checkbox next to it, there i...
MediaWiki 输入验证错误漏洞
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. An input validation error vulnerability exists in MediaWiki versions prior to...
CVE-2020-25255
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to cause a denial of service outage of connection-request processing via a long user ID, which triggers an excepti...
Design/Logic Flaw
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to cause a denial of service outage of connection-request processing via a long user ID, which triggers an excepti...
CVE-2019-10550
creationtimestamp| type| source ---|---|--- 2020-03-05 14:07:09+00:00| seen| https://t.me/cibsecurity/10308...
CVE-2019-7613
Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event...
CVE-2017-11675
The traverseStrictSanitize function in admindir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the adminname array parameter to...
Cisco Firepower Threat Defense Device Manager Web UI Request Handling Arbitrary Log Entry Injection (cisco-sa-20170201-fpw2)
According to its version and configuration, the Cisco Firepower Threat Defense FTD software installed on the remote device is affected by an arbitrary log entry injection vulnerability in the Firepower Device Manager FDM due to improper validation of user-supplied input. An unauthenticated, remot...
CVE-2017-5549
The klsi105getlinestate function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log...
CVE-2017-5549
The klsi105getlinestate function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log...
Design/Logic Flaw
The klsi105getlinestate function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log...
CVE-2017-5549
The klsi105getlinestate function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log...
CVE-2017-5549
The klsi105getlinestate function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log...
Log forging vulnerability
It is possible to fake log entries in FishEye/Crucible logs, by sending specially crafted http requests containing a newline character. For example going to the url /changelog/asd%0AFake%20log%20entry will cause the following to be logged: code 2015-03-24 09:59:09,564 INFO qtp1610928748-315 fishe...