114 matches found
CVE-2024-28072
A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly...
PT-2024-22252 · Solarwinds · Serv-U Ftp Server
Name of the Vulnerable Software and Affected Versions: Serv-U FTP server affected versions not specified Description: A highly privileged account can overwrite arbitrary files on the system with log output due to improper sanitization of log file path tags. Recommendations: At the moment, there i...
UBUNTU-CVE-2024-23333
LDAP Account Manager LAM is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...
PT-2024-15997 · Shanxi Diankeyun Technology · Noderp
Name of the Vulnerable Software and Affected Versions: Shanxi Diankeyun Technology NODERP versions up to 6.0.2 Description: A critical issue has been found in the software, affecting unknown code of the file /runtime/log. This allows for files or directories to be made accessible. The attack can ...
CVE-2023-40338
Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system...
PT-2023-27396 · Jenkins · Jenkins Folders Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Folders Plugin versions 6.846.v23698686f0f6 and earlier Description: The issue concerns the Jenkins Folders Plugin, which displays an error message including the absolute path of a log file when attempting to access the Scan...
PT-2023-4360 · Triangle Microworks · Scada Data Gateway
Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks SCADA Data Gateway affected versions not specified Description: The issue is related to incorrect restriction of a directory path with limited access. This can be exploited by a remote attacker to execute arbitrary code in...
PT-2023-13337 · Glpi · Glpi Cmdb Plugin
Name of the Vulnerable Software and Affected Versions: GLPI CMDB plugin versions prior to 3.0.3 Description: The issue allows attackers to gain read access to sensitive information via a log/ pathname in the file parameter. This is achieved by exploiting the front/icon.send.php file in the CMDB...
PT-2023-17166 · Xunruicms · Xunruicms
Name of the Vulnerable Software and Affected Versions: Xunrui CMS version 4.61 Description: A vulnerability was found in Xunrui CMS, affecting some unknown functionality of the file /dayrui/Fcms/View/system log.html. This issue leads to information disclosure and can be exploited remotely...
SUSE CVE-2012-5638
The setuplogging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations...
SUSE CVE-2017-16661
Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd with a Log Path under /etc to read /etc/passwd...
SUSE CVE-2018-19960
The debugmode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshareserver.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname...
DEBIAN-CVE-2022-29806
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...
UBUNTU-CVE-2022-29806
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...
CVE-2021-24966
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder...
CVE-2021-38283
Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read application log files containing sensitive information via a predictable /log URI...
Code injection
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter...
CVE-2013-3321
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter...
CVE-2019-12573
A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to overwrite arbitrary files. The openvpnlauncher binary is setuid root. This binary supports the --log option, which accepts a path as an argument...
CVE-2019-6267
The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for WordPress has XSS via a crafted GET request that is mishandled during log viewing at the templates/admin/redirect-log.php URI...