Lucene search
+L

114 matches found

OSV
OSV
added 2024/05/03 8:15 a.m.6 views

CVE-2024-28072

A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly...

4.9CVSS5.9AI score0.00638EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/03 12:0 a.m.6 views

PT-2024-22252 · Solarwinds · Serv-U Ftp Server

Name of the Vulnerable Software and Affected Versions: Serv-U FTP server affected versions not specified Description: A highly privileged account can overwrite arbitrary files on the system with log output due to improper sanitization of log file path tags. Recommendations: At the moment, there i...

5.7CVSS7AI score0.00638EPSS
Exploits0References6
OSV
OSV
added 2024/03/18 9:15 p.m.5 views

UBUNTU-CVE-2024-23333

LDAP Account Manager LAM is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...

7.9CVSS5.8AI score0.17868EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/01/29 12:0 a.m.5 views

PT-2024-15997 · Shanxi Diankeyun Technology · Noderp

Name of the Vulnerable Software and Affected Versions: Shanxi Diankeyun Technology NODERP versions up to 6.0.2 Description: A critical issue has been found in the software, affecting unknown code of the file /runtime/log. This allows for files or directories to be made accessible. The attack can ...

7.5CVSS5.6AI score0.00914EPSS
Exploits0References7
OSV
OSV
added 2023/08/16 3:15 p.m.6 views

CVE-2023-40338

Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system...

4.3CVSS5.9AI score0.00533EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/08/16 12:0 a.m.5 views

PT-2023-27396 · Jenkins · Jenkins Folders Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Folders Plugin versions 6.846.v23698686f0f6 and earlier Description: The issue concerns the Jenkins Folders Plugin, which displays an error message including the absolute path of a log file when attempting to access the Scan...

4.3CVSS4.5AI score0.00533EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/08/04 12:0 a.m.8 views

PT-2023-4360 · Triangle Microworks · Scada Data Gateway

Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks SCADA Data Gateway affected versions not specified Description: The issue is related to incorrect restriction of a directory path with limited access. This can be exploited by a remote attacker to execute arbitrary code in...

8.3CVSS7.6AI score0.02854EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/04/16 12:0 a.m.7 views

PT-2023-13337 · Glpi · Glpi Cmdb Plugin

Name of the Vulnerable Software and Affected Versions: GLPI CMDB plugin versions prior to 3.0.3 Description: The issue allows attackers to gain read access to sensitive information via a log/ pathname in the file parameter. This is achieved by exploiting the front/icon.send.php file in the CMDB...

6.5CVSS6.6AI score0.0457EPSS
Exploits3References9
Positive Technologies
Positive Technologies
added 2023/03/29 12:0 a.m.10 views

PT-2023-17166 · Xunruicms · Xunruicms

Name of the Vulnerable Software and Affected Versions: Xunrui CMS version 4.61 Description: A vulnerability was found in Xunrui CMS, affecting some unknown functionality of the file /dayrui/Fcms/View/system log.html. This issue leads to information disclosure and can be exploited remotely...

7.5CVSS4.8AI score0.00497EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2023/02/15 5:43 a.m.7 views

SUSE CVE-2012-5638

The setuplogging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations...

3.6CVSS8.7AI score0.00335EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:37 a.m.3 views

SUSE CVE-2017-16661

Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd with a Log Path under /etc to read /etc/passwd...

4.9CVSS9.3AI score0.01474EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:21 a.m.4 views

SUSE CVE-2018-19960

The debugmode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshareserver.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname...

7CVSS6.4AI score0.00314EPSS
Exploits0References3
OSV
OSV
added 2022/04/26 4:15 a.m.2 views

DEBIAN-CVE-2022-29806

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...

9.8CVSS9.4AI score0.67128EPSS
Exploits6References1
OSV
OSV
added 2022/04/26 4:15 a.m.5 views

UBUNTU-CVE-2022-29806

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...

9.8CVSS7.9AI score0.67128EPSS
Exploits6References7
OSV
OSV
added 2022/03/14 3:15 p.m.4 views

CVE-2021-24966

The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder...

4.9CVSS5.9AI score0.05188EPSS
Exploits5References1
OSV
OSV
added 2021/11/29 8:15 a.m.5 views

CVE-2021-38283

Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read application log files containing sensitive information via a predictable /log URI...

7.5CVSS5.8AI score0.02412EPSS
Exploits5References2
Prion
Prion
added 2020/01/29 10:15 p.m.16 views

Code injection

NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter...

6CVSS7.4AI score0.02245EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2020/01/29 9:40 p.m.43 views

CVE-2013-3321

NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter...

7.6AI score0.02245EPSS
Exploits2References2
OSV
OSV
added 2019/07/11 8:15 p.m.5 views

CVE-2019-12573

A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to overwrite arbitrary files. The openvpnlauncher binary is setuid root. This binary supports the --log option, which accepts a path as an argument...

7.1CVSS7.2AI score0.00582EPSS
Exploits1References1
OSV
OSV
added 2019/01/15 12:29 a.m.3 views

CVE-2019-6267

The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for WordPress has XSS via a crafted GET request that is mishandled during log viewing at the templates/admin/redirect-log.php URI...

6.1CVSS6.3AI score0.01365EPSS
Exploits1References3
Rows per page
Query Builder