37 matches found
PT-2026-48500
In Splunk SOAR Security Orchestration, Automation, and Response versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute ANSI escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might...
CLSA-2026-1775040432 golang: Fix of CVE-2025-61731
CVE-2025-61731: fix pkg-config --log-file argument injection via cgo pkg-config directive...
CVE-2026-0936
An Insertion of Sensitive Information into Log File vulnerability in B&R PVI client versions prior to 6.5 may be abused by an authenticated local attacker to gather credential information which is processed by the PVI client application. The logging function of the PVI client application is...
CVE-2003-1582
Microsoft Internet Information Services IIS 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inver...
EUVD-2003-1567
Malware in sbrugna...
CVE-2025-10217
A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of performance related log data or to inject crafted data in logfile for potentially carrying out further malicious attacks. Performance logging is typically enabled for troubleshooting purposes while...
CLSA-2025-1758914697 httpd: Fix of 4 CVEs
CVE-2025-49630: fix assertion caused by untrusted clients triggering denial of service attack in modproxyhttp2 - CVE-2025-23048: fix access control bypass by trusted clients using TLS 1.3 session resumption - CVE-2024-47252: escape user-supplied data to prevent log file injection in modssl -...
Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below
CVE-2025-27591 – Privilege Escalation via Symlink Abuse in be...
Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below
CVE-2025-27591 – Privilege Escalation via Symlink Abuse in be...
AZL-65226 CVE-2024-47252 affecting package httpd for versions less than 2.4.64-1
Insufficient escaping of user-supplied data in modssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to log variables...
Apache HTTP Server 安全漏洞
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An unspecified vulnerability exists in Apache HTTP Server that stems from insufficient escaping of user-supplied data by modssl,...
Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs
Overview MFPs multifunction printers provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below. Improper Restriction of Recursive Entity References in DTDs 'XML Entity Expansion' CWE-776 - CVE-2024-27141, CVE-2024-27142 Execution with...
RoamWiFi R10 安全漏洞
RoamWiFi R10 is a portable Internet wireless router from RoamWiFi. A security vulnerability exists in RoamWiFi R10 versions prior to 4.8.45, which stems from a vulnerability that allows an attacker to insert sensitive information into log files...
PT-2023-7355 · Splunk · Universal Forwarder +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.1.0.2 Splunk Enterprise versions prior to 9.0.5.1 Splunk Enterprise versions prior to 8.2.11.2 Universal Forwarder versions prior to 9.1.0.2 Universal Forwarder versions prior to 9.0.5.1 Universal Forward...
CVE-2020-3356
A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based...
CVE-2018-2389
Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file...
CVE-2018-2389
Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file...
CVE-2017-1210
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850...
Netgear FVS318 Router Multiple Vulnerabilities
Multiple Vulnerabilities in Netgear FVS318 Router ------------------------------------------------------------------------ SUMMARY The Netgear FVS318 is "an easy to use, firewall/router designed for home users and small businesses". SecuriNews Research has found 2 vulnerabilities in the router, o...
CVE-2011-3187
The tos method in actionpack/lib/actiondispatch/middleware/remoteip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address...