52 matches found
EUVD-2021-0761
Malware in sbrugna...
EUVD-2013-6620
Malware in sbrugna...
EUVD-2022-5140
Malicious code in bioql PyPI...
CVE-2020-29454
Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access...
CVE-2019-0202
The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints...
SUSE CVE-2019-0202
The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints...
Exposure of Sensitive Information in Apache Storm Logviewer
The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints...
GHSA-R9PV-HG64-JQRP Exposure of Sensitive Information in Apache Storm Logviewer
The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints...
WSO2 Carbon directory traversal vulnerability
Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the logFile parameter in the LogViewer Admin Service. An attacker can read arbitrary files by manipulating the input to include directory traversal sequences such as .. (dot dot). This is only exploitable if the...
GHSA-MJWW-VQQW-V78Q WSO2 Carbon directory traversal vulnerability
Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp...
logviewer (=1.0.0), samuel (>=0.0.1 <=0.0.227) potentially affected by CVE-2020-7712 via json (>=0.0.12 <=0.0.14)
json NPM version =0.0.12, =0.0.1, =0.0.227 Source cves: CVE-2020-7712 Source advisory: OSV:GHSA-3C6G-PVG8-GQW2...
GHSA-4VP3-VFWW-8648 Incorrect permission enforcement in UmbracoCms
Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access...
Incorrect permission enforcement in UmbracoCms
Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access...
Lukashinsch Spring Boot Actuator Logview Path Traversal Vulnerability
Lukashinsch Spring Boot Actuator Logview is a codebase by the individual developer Ffay Lukashinsch that provides Spring Boot with the ability to view logs via a web interface. A path traversal vulnerability exists in spring-boot-actuator-logview versions prior to 0.2.13, which stems from the...
Cross site scripting
SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen...
CVE-2018-16243
SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen...
Privilege Escalation
umbracocms is vulnerable to privilege escalation. A user without Applications.Settings access is able to visit a logviewer endpoint due to incorrect access control in Editors/LogViewerController.cs...
CVE-2020-29454
Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access...
CVE-2020-29454
CVE-2020-29454 affects Umbraco up to 8.9.1. Editors/LogViewerController.cs improperly enforces access, allowing a user without Applications.Settings to visit the logviewer endpoint. The connected sources confirm the vulnerable component and the access-control bypass but do not provide a concrete ...