9 matches found
Intel Server D50DNP Security Vulnerability
Intel Server Products is a family of products from Intel Corporation USA. A security vulnerability exists in the Intel Server D50DNP PprRequestLog module that stems from an incorrect input validation issue. It could allow a privileged user to achieve privilege escalation via local access...
PT-2024-19377 · Intel · Intel Server D50DNP Family
Name of the Vulnerable Software and Affected Versions: Intel® Server D50DNP Family products (affected versions not specified). Description: The issue is related to improper input validation in the PprRequestLog module in UEFI firmware, which may allow a privileged user to enable escalation of...
CVE-2024-1681 Log Injection Vulnerability in corydolphin/flask-cors
corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...
K02705117: The BIG-IP ASM system may fail to properly mask the value of a configured sensitive parameter in the request event log
Security Advisory Description: When you configure a sensitive parameter for a security policy, the BIG-IP ASM system may fail to properly mask the value in the request log. This issue occurs when all of the following conditions are met: You enabled the Cross-Site Request Forgery (CSRF) Protection...
Unikrn: multiple vulnerabilities on your mautic server
Hi @unikrn! I found some vulnerabilities in your CRM server: 1. Bypass Cloudflare Access: You use Cloudflare Access on https://crm.unikrn.com. But this link bypassed Cloudflare Access: ████████/login This vulnerability generates the disclosure of important data: PHP info page: ██████████phpinfo ...
Newtelligence DasBlog 1.x Request Log HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11086/info DasBlog is reportedly susceptible to an HTML injection vulnerability in its request log. This vulnerability is due to a failure of the application to properly sanitize user-supplied input data before using it i...
Rails 3.0.5 Log File Injection Proof Of Concept
Encoding: UTF-8 Log-File-Injection - Ruby on Rails 3.05 possibilities: - possible date back attacks tried with request-log-analyzer: worked but teasercheckwarnings - ip spoofing - binary log-injections - DOS if ip is used with an iptables-ban-script !! works only on intranet apps !! Fix: validate...
Newtelligence DasBlog 1.x - Request Log HTML Injection
source: https://www.securityfocus.com/bid/11086/info DasBlog is reportedly susceptible to an HTML injection vulnerability in its request log. This vulnerability is due to a failure of the application to properly sanitize user-supplied input data before using it in the generation of dynamic web...
Newtelligence DasBlog 1.x - Request Log HTML Injection
Newtelligence DasBlog 1.x - Request Log HTML Injection source: https://www.securityfocus.com/bid/11086/info DasBlog is reportedly susceptible to an HTML injection vulnerability in its request log. This vulnerability is due to a failure of the application to properly sanitize user-supplied input...