50 matches found
The vulnerability of the API journal of the deployment and email server management tool based on Docker container technology, mailcow:dockerized, allows an attacker to execute arbitrary code.
The vulnerability of the log function API of the deployment and email server management tool based on Docker container technology, mailcow:dockerized, is related to the lack of security measures for the website structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
PT-2024-15963 · Sichuan Yougou Technology · Kuerp
Name of the Vulnerable Software and Affected Versions: Sichuan Yougou Technology KuERP versions up to 1.0.4 Description: A critical vulnerability has been found in the software, affecting an unknown function of the file /runtime/log. The manipulation leads to improper output neutralization for...
ehttp Security Vulnerabilities
ehttp is a library from the Chinese developer hongliuliao. A security vulnerability exists in versions prior to ehttp 1.0.6, which stems from an out-of-bounds read in the void log function in simplelog.cpp, resulting in memory corruption...
PT-2023-32314 · WordPress · Debug Log Manager
Name of the Vulnerable Software and Affected Versions: Debug Log Manager plugin for WordPress versions up to, and including, 2.2.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the clear log function. This allows unauthenticated...
CVE-2023-32324
OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function formatlogline could allow remote attackers to cause a DoS ...
Abode Systems, Inc. iota All-In-One Security Kit ghome_process_control_packet format string injection vulnerability
Talos Vulnerability Report TALOS-2022-1584: Abode Systems, Inc. iota All-In-One Security Kit ghome_process_control_packet format string injection vulnerability. October 20, 2022. CVE Number: CVE-2022-33938. Summary: A format string injection vulnerability exists in the ghome_process_control_packet...
PT-2022-24534 · Asus · Armoury Crate Service
Name of the Vulnerable Software and Affected Versions: Armoury Crate Service affected versions not specified Description: The issue concerns Armoury Crate Service's logging function, which lacks sufficient validation to check if the log file is a symbolic link. This allows a physical attacker wit...
DEBIAN-CVE-2021-44924
An infinite loop vulnerability exists in gpac 1.1.0 in the gflog function, which causes a Denial of Service...
CVE-2021-35479
CVE-2021-35479 affects Nagios Log Server prior to version 2.1.9, where a Stored XSS vulnerability exists in the custom column view of the alert history and audit log via the affected pp parameter. Exploitation is described as requiring a crafted link or a third‑party webpage to trigger the vulner...
WordPress Plugin SQL Injection Vulnerability
WordPress Plugin is an open source application plugin for WordPress. An SQL injection vulnerability exists in CleanTalk WordPress Plugin versions prior to 5.153.4, which originates from an update log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php that contains a vulnerable query. An attacker...
PT-2021-3413
Name of the Vulnerable Software and Affected Versions: Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin versions prior to 5.153.4 Description: The issue is related to the update log function in the lib/Cleantalk/ApbctWP/Firewall/SFW.php module, which does not properly protect the S...
CVE-2020-20294
An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands...
Command injection
An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands...
CMSWing SQL Injection Vulnerability
CMSWing is a ThinkJS-based e-commerce platform and CMS builder. A code execution vulnerability exists in CMSWing 1.3.8. The vulnerability stems from the log function not checking the log parameter. An attacker can exploit this vulnerability to execute arbitrary commands via malicious parameters...
ZOHO ManageEngine EventLog Analyzer Cross-Site Scripting Vulnerability (CNVD-2018-12558)
ZOHO ManageEngine EventLog Analyzer is a system and event log analysis suite from the US company ZOHO (ZhuoHao). The software is capable of network-wide hosts, servers, network equipment and a variety of application service systems and other logs generated by the comprehensive collecti...
php: out-of-bounds write in fpm_log.c
An out-of-bounds write flaw was found in the fpmlogwrite logging function of PHP's FastCGI Process Manager service. A remote attacker could repeatedly send maliciously crafted requests to force FPM to exhaust file system space, creating a denial of service and preventing further logging...
Buffer Overflow Vulnerability in the log function of Interstage HTTP Server
Overview: The log function ihsrlog/rotatelogs of Interstage HTTP Server contains a buffer overflow vulnerability. Impact: An attacker could execute arbitrary code. Solution: Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Format string
Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) logmsg function in log.c or (2) version or (3) buildversion...