Lucene search

50 matches found

Redos
added 2026/02/24 12:0 a.m. | 6 views

ROS-20260224-73-0013

A vulnerability in the Socket Appender component of the Apache Log4j Core logging library API implementation is related to incorrect certificate authentication. Exploitation of the vulnerability could allow a remote attacker to intercept log traffic...

CVSS 6.3 | AI score 6.2 | EPSS 0.00029
Exploits: 1

RedhatCVE
added 2025/11/25 3:8 p.m. | 2 views

CVE-2025-12969

Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing...

CVSS 6.5 | AI score 7.2 | EPSS 0.00097
Exploits: 0 | References: 1

CNVD
added 2025/10/31 12:0 a.m. | 2 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27636)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the REMOTELOGADDR parameter of the...

CVSS 5.4 | AI score 6.1 | EPSS 0.00024
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/29 3:19 p.m. | 3 views

CVE-2025-34315

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the REMOTELOGADDR parameter when updating the remote syslog server address. When a user updates the Remote loggin...

CVSS 5.4 | AI score 6.1 | EPSS 0.00024
Exploits: 0 | References: 1

OSV
added 2025/10/28 3:16 p.m. | 1 views

CVE-2025-34315

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the REMOTELOGADDR parameter when updating the remote syslog server address. When a user updates the Remote loggin...

CVSS 5.4 | AI score 6
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/28 2:33 p.m. | 2 views

CVE-2025-34315 IPFire < v2.29 Stored XSS via Remote Syslog Server Address

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the REMOTELOGADDR parameter when updating the remote syslog server address. When a user updates the Remote loggin...

CVSS 5.1 | AI score 5.6 | EPSS 0.00024
Exploits: 0 | References: 3

Positive Technologies
added 2025/10/28 12:0 a.m. | 4 views

PT-2025-44174

Name of the Vulnerable Software and Affected Versions: IPFire versions prior to 2.29 Core Update 198 Description: IPFire versions prior to 2.29 Core Update 198 are susceptible to a stored cross-site scripting (XSS) issue. An authenticated attacker can inject arbitrary JavaScript code through the...

CVSS 5.4 | AI score 6 | EPSS 0.00024
Exploits: 0 | References: 6

CNNVD
added 2025/10/28 12:0 a.m. | 2 views

IPFire Security Vulnerability

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the REMOTELOGADDR parameter of the...

CVSS 5.4 | AI score 6 | EPSS 0.00024
Exploits: 0 | References: 4

VulnCheck KEV
added 2025/10/09 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2017-18369

The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the advremotelog.asp page and can be exploited through the syslogServerAd...

CVSS 10 | AI score 5.8 | EPSS 0.88493
In wild | Exploits: 2 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2015-7168

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00235
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-13013

Malware in sbrugna...

CVSS 5.9 | AI score 5.9 | EPSS 0.0095
Exploits: 0 | References: 4

Tenable Nessus
added 2025/08/18 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-36567

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines. CVE-2020-36567 Note tha...

CVSS 7.5 | AI score 6.4 | EPSS 0.00475
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/22 5:24 p.m. | 3 views

CVE-2020-11968

In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a required step for settin...

CVSS 7.5 | AI score 7.5 | EPSS 0.00686
Exploits: 3 | References: 1

RedhatCVE
added 2025/05/22 1:0 a.m. | 4 views

CVE-2015-7237

Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors...

CVSS 5 | AI score 6.6 | EPSS 0.00235
Exploits: 0 | References: 1

OSV
added 2024/10/21 9:15 p.m. | 1 views

CVE-2024-40091

Vilo 5 Mesh WiFi System = 5.16.1.33 lacks authentication in the Boa webserver, which allows remote, unauthenticated attackers to retrieve logs with sensitive system...

CVSS 5.3 | AI score 5.8 | EPSS 0.00293
Exploits: 1 | References: 2

Cvelist
added 2024/10/21 12:0 a.m. | 14 views

CVE-2024-40091

Vilo 5 Mesh WiFi System = 5.16.1.33 lacks authentication in the Boa webserver, which allows remote, unauthenticated attackers to retrieve logs with sensitive system...

EPSS 0.00293
Exploits: 1 | References: 2

Packet Storm
added 2024/08/31 12:0 a.m. | 182 views

rsyslog Long Tag Off-By-Two Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'rsyslog Long Tag Off-By-Two DoS', 'Description' = %q This module triggers an off-by-two overflow in the rsyslog daemon. This flaw is unlikely to...

CVSS 5 | AI score 6.9 | EPSS 0.63906
Exploits: 2

Cvelist
added 2024/07/30 12:0 a.m. | 11 views

CVE-2024-41611

In D-Link DIR-860L REVA FIRMWARE PATCH 1.10..B04, the Telnet service contains hardcoded credentials, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands...

EPSS 0.0047
Exploits: 0 | References: 2

Positive Technologies
added 2024/01/30 12:0 a.m. | 2 views

PT-2024-1642 · Splunk · Splunk Add-On Builder

Name of the Vulnerable Software and Affected Versions: Splunk Add-on Builder versions prior to 4.1.4 Description: The issue is related to improper handling of log output, allowing a remote attacker to write arbitrary information to internal log files. This can lead to the exposure of sensitive...

CVSS 8.2 | AI score 7 | EPSS 0.00053
Exploits: 0 | References: 8

F5 Networks
added 2023/02/21 6:28 p.m. | 13 views

K86285055: The BIG-IP ASM system may fail to mask sensitive parameter for an Allowed URL in the Referrer header and logs

Security Advisory Description The BIG-IP ASM system may fail to mask a sensitive parameter for an Allowed URL. This issue occurs when all of the following conditions are met: You configured an Allowed HTTP URL enabled with the following settings in a security policy: Check Flows to this URL URL i...

AI score 6.5
Exploits: 0