301 matches found
CVE-2022-48257
In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp...
CVE-2022-40715
An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily...
Path traversal
An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily...
Exploit for CVE-2121-44228
CVE-2021-44228 Demo 1. Introduction to CVE-2021-44228 At t...
GHSA-MJWW-VQQW-V78Q WSO2 Carbon directory traversal vulnerability
Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the logFile parameter in the LogViewer Admin Service. An attacker can read arbitrary files by manipulating the input to include directory traversal sequences such as .. (dot dot). This is only exploitable if the...
CVE-2022-28774
Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted...
Authentication flaw
Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted...
PT-2022-19223 · Sap · Sap Host Agent
Name of the Vulnerable Software and Affected Versions: SAP Host Agent (affected versions not specified). Description: The issue concerns the SAP Host Agent logfile, which, under certain conditions, displays information that would otherwise be restricted. Recommendations: At the moment, there is no...
GHSA-W3V2-VFRJ-J9G8 Alkacon Open CMS XSS via Logfile Viewer Settings function
Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a...
Alkacon Open CMS XSS via Logfile Viewer Settings function
Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a...
Insertion of Sensitive Information into Log File in Hashicorp go-getter
The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile...
GHSA-27RQ-4943-QCWP Insertion of Sensitive Information into Log File in Hashicorp go-getter
The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile...
PT-2022-19843 · Hashicorp · Go-Getter
Name of the Vulnerable Software and Affected Versions: Hashicorp go-getter library (versions prior to 1.5.11). Description: The issue concerns the Hashicorp go-getter library, where SSH credentials could be written into its logfile. This exposes sensitive credentials to local users who have the...
in delgan/loguru
Description: Loguru is vulnerable to log injection on all logging methods, as it is possible to inject newlines ("\n") which will create a new log entry in the logfile. This can lead to attackers tampering with logs and a loss of integrity of the log files as a result. Proof of Concept: from loguru...