Lucene search
K

305 matches found

Huntr
Huntr
added 2022/01/27 4:28 a.m.7 views

in delgan/loguru

Description Loguru is vulnerable to log injection on all logging methods as it is possible to inject newlines "\n" which will create a new log entry in the logfile. This can lead to attackers tampering with logs and a loss of integrity of the log files as a result Proof of Concept from loguru...

2AI score0.01268EPSS
Exploits1References2
Kitploit
Kitploit
added 2021/11/04 11:30 a.m.64 views

LDAPmonitor - Monitor Creation, Deletion And Changes To LDAP Objects Live During Your Pentest Or System Administration!

Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration! With this tool you can quickly see if your attack worked and if it changed LDAP attributes of the target object. Features Feature | Python .py | CSharp .exe | Powershell .ps1 ---|---|---|---...

7.5AI score
Exploits0References4
OSV
OSV
added 2021/07/30 2:15 p.m.5 views

CVE-2021-36766

Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/singlepage/dashboard/system/environment/logging.php Logging::updatelogging method. User input passed through the logFile request parameter is not properly sanitized before being used in a ca...

7.2CVSS7.4AI score0.0368EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2021/07/30 2:15 p.m.2 views

CVE-2021-36766

Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/singlepage/dashboard/system/environment/logging.php Logging::updatelogging method. User input passed through the logFile request parameter is not properly sanitized before being used in a ca...

7.2CVSS7.2AI score0.0368EPSS
Exploits1References4
Cvelist
Cvelist
added 2021/07/27 5:38 a.m.32 views

CVE-2021-36766

Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/singlepage/dashboard/system/environment/logging.php Logging::updatelogging method. User input passed through the logFile request parameter is not properly sanitized before being used in a ca...

7.4AI score0.0368EPSS
Exploits1References3
Kitploit
Kitploit
added 2021/06/27 12:30 p.m.55 views

HoneyCreds - Network Credential Injection To Detect Responder And Other Network Poisoners

HoneyCreds network credential injection to detect responder and other network poisoners. Requirements Requires Python 3.6+ tested on Python 3.9 smbprotocol cffi splunk-sdk Installation git clone https://github.com/Ben0xA/HoneyCreds.git cd HoneyCreds pip3 install -r requirements.txt Running python...

7.5AI score
Exploits0References1
Prion
Prion
added 2021/06/01 8:15 p.m.19 views

Design/Logic Flaw

A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable...

2.1CVSS5.4AI score0.00286EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/01/25 12:0 a.m.39 views

openSUSE Security Update : cobbler (openSUSE-2021-46)

This update for cobbler fixes the following issues : - Add cobbler-tests subpackage for unit testing for openSUSE/SLE - Adds LoadModule definitions for openSUSE/SLE - Switch to new refactored auth module. - use systemctl to restart cobblerd on logfile rotation boo1169207 Mainline logrotate conf...

10CVSS7.5AI score0.6786EPSS
Exploits2References72
VulnCheck KEV
VulnCheck KEV
added 2020/10/01 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-14665

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root...

7.2CVSS7.2AI score0.2704EPSS
Exploits39References1
Veracode
Veracode
added 2020/05/10 11:21 p.m.23 views

Privilege Escalation

screen is vulnerable to privilege escalation. A local user is able to modify arbitrary files to gain root privileges through improper checking of logfile permissions...

7.8CVSS3.5AI score0.01087EPSS
Exploits6References6Affected Software1
OSV
OSV
added 2020/02/11 6:15 p.m.3 views

CVE-2020-8429

The Admin web application in Kinetica 7.0.9.2.20191118151947 does not properly sanitise the input for the function getLogs. This lack of sanitisation could be exploited to allow an authenticated attacker to run remote code on the underlying operating system. The logFile parameter in the getLogs...

8.8CVSS6AI score0.01697EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2019/11/25 12:0 a.m.5 views

The vulnerability of the pg_catalog.pg_logfile_rotate() function in the adminpack module of the PostgreSQL database management system allows a attacker to compromise the integrity of protected information or cause service failures.

The vulnerability of the pgcatalog.pglogfilerotate function in the adminpack database management system of PostgreSQL is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of protected information or cause service failur...

9.4CVSS6.5AI score0.04042EPSS
Exploits0References5Affected Software1
Packet Storm
Packet Storm
added 2019/10/22 12:0 a.m.239 views

Xorg X11 Server SUID modulepath Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xorg X11 Server SUID modulepath Privilege Escalation', 'Description' = %q This module attempts to gain root privileges with SUID Xorg X11 server...

7.2CVSS0.3AI score0.2704EPSS
Exploits39
Packet Storm
Packet Storm
added 2019/09/25 12:0 a.m.158 views

WP Server Log Viewer 1.0 Cross Site Scripting

Exploit Title: WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting Date: 2019-09-10 Exploit Author: strider Software Link: https://github.com/anttiviljami/wp-server-log-viewer Version: 1.0 Tested on: Debian 10 Buster x64 / Kali Linux CVE : None...

0.3AI score
Exploits0
OSV
OSV
added 2019/08/05 1:15 p.m.2 views

CVE-2016-10771

cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing SEC-165...

8.1CVSS5.8AI score0.00892EPSS
Exploits0References1
NVD
NVD
added 2019/08/05 1:15 p.m.21 views

CVE-2016-10771

cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing SEC-165...

8.1CVSS8.1AI score0.00892EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2019/07/10 8:10 p.m.25 views

Security Bulletin: An IBM QRadar SIEM protocol is vulnerable to Incorrect Permission Assignment (CVE-2018-2024)

Summary The Log file protocol could allow permissions to a resource to be read or modified by unintended actors. Vulnerability Details CVEID: CVE-2018-2024 Description: IBM QRadar specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by...

8.1CVSS2.1AI score0.00681EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/12/13 12:0 a.m.69 views

AIX 7.2 TL 2 : xorg (IJ11549)

https://vulners.com/cve/CVE-2018-14665 https://vulners.com/cve/CVE-2018-14665 X.Org X server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper validation of command line parameters. An attacker could exploit this vulnerability using the...

7.2CVSS7.6AI score0.2704EPSS
Exploits39References2
CNVD
CNVD
added 2018/12/04 12:0 a.m.5 views

Drobo 5N2 Improper Access Control Vulnerability (CNVD-2019-05934)

The Drobo 5N2 NAS is a networked storage appliance NAS from Drobo, USA. The device features data sharing, data backup, remote access and disaster recovery. An access control error vulnerability exists in the /mysql/api/logfile.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115. An attacker c...

7.5CVSS6.8AI score0.01313EPSS
Exploits1References1
Exploit DB
Exploit DB
added 2018/11/30 12:0 a.m.70 views

xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation

!/bin/sh raptorxorgy - xorg-x11-server LPE via modulepath switch Copyright c 2018 Marco Ivaldi A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to...

7.2CVSS7.2AI score0.2704EPSS
Exploits39
Rows per page
Query Builder