Medium: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's defaul...

Path Injection

github.com/fkie-cad/yapscan is vulnerable to path injection. The vulnerability exists due to lack of permission validations in the report receiver server which allows an attacker to perform log injections...

Input validation

Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1 Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines. Hence the interpretation of audit log files...

CVE-2017-16680

SAP HANA XS/Extended Application Services 1.0 contains two audit log injection issues: (1) controller service HTTP/REST endpoints lack input validation, allowing unprivileged forged audit log lines, and (2) User Account and Authentication logs into syslog and a separate log file with unescaped en...

Rails 3.0.5 Log File Injection Proof Of Concept

Encoding: UTF-8 Log-File-Injection - Ruby on Rails 3.05 possibilities: - possible date back attacks tried with request-log-analyzer: worked but teasercheckwarnings - ip spoofing - binary log-injections - DOS if ip is used with an iptables-ban-script !! works only on intranet apps !! Fix: validate...