11 matches found
EUVD-2002-1674
Malware in sbrugna...
PT-2025-25305
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP POST requests to modify the log...
The vulnerability of the django.utils.log.log_response() function in the Django web application framework allows a hacker to gain access and modify data in the log file.
The vulnerability of the django.utils.log.logresponse function in the Django web application framework is related to improper handling of log file output. Exploiting this vulnerability can allow an attacker to gain access and modify data in the log files...
CVE-2024-23194
Improper output Neutralization for Logs CWE-117 in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files. This issue affects: Gallagher Command Centre v9.10 prior to vEL9.10.1268 MR1...
Gallagher Command Centre security breach
Gallagher Command Centre is a centralized control tool for Gallagher access control systems from Gallagher New Zealand. A security vulnerability exists in Gallagher Command Centre vEL9.10.1268 MR1 prior to v9.10, which stems from an improperly neutralized log output may give an attacker limited...
CVE-2023-31437
An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."...
CVE-2023-31437
An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."...
CVE-2023-31439
CVE-2023-31439 : Affects systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file so that integrity checking shows no error, despite modifications. The Initial Description notes the vendor replied denying that this finding is a security vulnera...
CVE-2019-1973
A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to improper input validation of log file...
CVE-2009-4488
Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE: the vendo...
CVE-2002-1694
Microsoft Internet Information Server IIS 4.0 opens log files with FILESHAREREAD and FILESHAREWRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running...