35 matches found
CVE-2025-1973
The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the downloadfile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrar...
EUVD-2018-19399
Malware in sbrugna...
EUVD-2017-14262
Malware in sbrugna...
EUVD-2002-2367
Malware in sbrugna...
EUVD-2025-4630
Malicious code in bioql PyPI...
CVE-2024-47252
A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in modssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to...
CVE-2024-47252
Insufficient escaping of user-supplied data in modssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to log variables...
CVE-2011-2758
IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server TDS 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not require authentication for access to LDAP Server log files, which allows remote attackers to obtain sensitive information via a crafted URL...
CVE-2002-2389
TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files...
CVE-2024-49355
IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature...
CVE-2023-0595
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port default 443. Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert...
Security Bulletin: Vulnerability due to Server log files exposure affects IBM License Metric Tool v9 and IBM BigFix Inventory v9 (CVE-2016-8963)
Summary IBM License Metric Tool v9 and IBM BigFix Inventory v9 Server log files can potentially reveal sensitive information. Vulnerability Details CVEID: CVE-2016-8963 DESCRIPTION: IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user...
CVE-2016-8627
An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired...
Code injection
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files...
CVE-2018-7683
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files...
Design/Logic Flaw
admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough...
CVE-2016-8627
admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough...
admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files
An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired...
admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files
An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired...
admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files
An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired...