43 matches found
EUVD-2017-17866
Malware in sbrugna...
EUVD-2023-33516
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2021-21234
spring-boot-actuator-logview is a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this...
Path Traversal
spring-boot-actuator-logview is vulnerable to Path Traversal. The vulnerability exists in the securityCheck function of LogViewEndpoint.java because it does not properly validate relative paths, allowing an attacker to access files outside the expected directory through the path such as /usr/outn...
CVE-2023-29986
spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view...
CVE-2023-29986
spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view...
Directory traversal
spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view...
Lukashinsch Spring Boot Actuator Logview Path Traversal Vulnerability
Lukashinsch Spring Boot Actuator Logview is a codebase by Lukashinsch, an individual developer, that provides Spring Boot with the ability to view logs through a web interface. A security vulnerability exists in Lukashinsch Spring Boot Actuator Logview version 0.2.13. An attacker could exploit th...
CVE-2023-29986
spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view...
PT-2023-22505 · Unknown · Spring-Boot-Actuator-Logview
Name of the Vulnerable Software and Affected Versions: spring-boot-actuator-logview version 0.2.13 Description: The issue allows Directory Traversal to sibling directories via the LogViewEndpoint.view endpoint. This enables access to files outside the intended directory, potentially leading to...
CVE-2023-29986
CVE-2023-29986 affects spring-boot-actuator-logview 0.2.13. The vulnerability is a Directory Traversal through LogViewEndpoint.view, enabling access to files outside the intended directory due to insufficient input validation. Documents indicate risk is a filesystem path traversal to sibling dire...
CVE-2022-30304
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiAnalyzer versions prior to 7.2.1, 7.0.4 and 6.4.8 may allow a remote unauthenticated attacker to perform a stored cross site scripting XSS attack via the URL parameter observed in the FortiWeb attack event...
Cross site scripting
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiAnalyzer versions prior to 7.2.1, 7.0.4 and 6.4.8 may allow a remote unauthenticated attacker to perform a stored cross site scripting XSS attack via the URL parameter observed in the FortiWeb attack event...
FortiAnalyzer - XSS vulnerability due to AngularJS Client-Side Template injection
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiAnalyzer may allow a remote unauthenticated attacker to perform a stored cross site scripting XSS attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer...
Spring Boot Actuator Logview < 0.2.13 Directory Traversal
Spring Boot Actuator Logview is a library that adds a simple logfile viewer as Spring Boot Actuator endpoint. In Spring Boot Actuator Logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this library is to expose a log file directory via admin Spring Boot...
Fortinet FortiAnalyzer Cross-Site Scripting Vulnerability (CNVD-2021-84594)
Fortinet FortiAnalyzer is a set of centralized network security reporting solutions from the U.S. company Fortinet. The product is mainly used to collect network log data, and through the reporting suite of security events in the log, network traffic, Web content, etc. to analyze, report,...
CVE-2021-24021
An improper neutralization of input vulnerability CWE-79 in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack XSS via the column settings of Logview in FortiAnalyzer, should the...
Cross site scripting
An improper neutralization of input vulnerability CWE-79 in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack XSS via the column settings of Logview in FortiAnalyzer, should the...
Fortinet FortiAnalyzer Cross-Site Scripting Vulnerability
Fortinet FortiAnalyzer is a set of centralized network security reporting solutions from the U.S. company Fortinet. The product is mainly used to collect network log data, and through the reporting suite of security events in the log, network traffic, Web content, etc. to analyze, report,...
FortiAnalyzer - XSS vulnerability observed in the Column settings of LogView
An improper neutralization of input vulnerability CWE-79 in FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack XSS via the column settings of Logview in FortiAnalyzer, should the attacker be able to obtain that POST request, via other,...