Lucene search
K

168 matches found

Cvelist
Cvelist
added 2021/07/23 11:25 a.m.30 views

CVE-2021-20333 Server log entry spoofing via newline injection

Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. This issue affects MongoDB Server v3.6 versions prior to 3.6.20; MongoDB Server v4.0 versions prior to 4.0.21 and MongoDB Server v4.2 versions prior to 4.2.1...

5.3CVSS5.6AI score0.01273EPSS
Exploits1References1
OSV
OSV
added 2021/05/19 7:15 p.m.4 views

CVE-2021-27925

An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can depending on a race condition cause an internal user with administrator privileges, @nsserver, to have its credentials leaked in cleartext in the...

4.4CVSS5.8AI score0.00529EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/11/11 12:0 a.m.12 views

openGauss: Configuring the Server Log Message Level

The parameter logminmessages specifies the level of messages to be written into server logs. The valid values include DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1, INFO, NOTICE, WARNING, ERROR, LOG, FATAL, and PANIC. It must be NOTICE at least. After a level is selected, messages at this level and its...

7.2AI score
Exploits0References1
OpenVAS
OpenVAS
added 2020/11/11 12:0 a.m.8 views

openGauss: Enabling the Logging of User Logout

Similar to logconnections, a record containing a session duration is added to the server log at the end of the session. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.2AI score
Exploits0References1
Hacker One
Hacker One
added 2020/06/03 4:59 p.m.102 views

h1-ctf: [H1-2006 2020] "Swiss Cheese" design style leads to helping Mårten Mickos pay poor hackers

Summary: Several vulnerabilities in the bountypay application leads to unauthorised access, information disclosure, SSRF and other fun stuff. Steps To Reproduce: This is how I helped Mårten Mickos pay the poor hackers who had been waiting so long for their bounties. First part: Web I started by...

6.5AI score
Exploits0
Hacker One
Hacker One
added 2020/05/03 11:25 a.m.17 views

Open-Xchange: reading the stack data of the imap process

in dovecot / core in the imap-client-hibernate.c file in the imaphibernatehandshake function, lines 31..39 contain vulnerable code: cpp else if ret = readfd, buf, sizeofbuf-1 0 && bufret-1 == '\n' bufret-1 = '\0'; if versionstringverifybuf, "imap-hibernate", 1 return 0; ierror"%s sent invalid...

0.9AI score
Exploits0
CNVD
CNVD
added 2020/02/20 12:0 a.m.3 views

Netsweeper Path Traversal Vulnerability

Netsweeper is a Web content filtering solution from Netsweeper Canada. A path traversal vulnerability exists in the webadmin/reporter/viewserverlog.php file in Netsweeper versions prior to 3.1.10, 4.0.x versions prior to 4.0.9, and 4.1.x versions prior to 4.1.2. The vulnerability stems from a...

5.3CVSS6.8AI score0.10619EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2020/01/21 3:34 p.m.32 views

CVE-2016-8627

An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired...

6.5CVSS6.9AI score0.02693EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2019/09/25 12:0 a.m.155 views

WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting

Exploit Title: WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting Date: 2019-09-10 Exploit Author: strider Software Link: https://github.com/anttiviljami/wp-server-log-viewer Version: 1.0 Tested on: Debian 10 Buster x64 / Kali Linux CVE : None...

7.4AI score
Exploits0
CNVD
CNVD
added 2018/12/10 12:0 a.m.11 views

OnionShare File Overwrite and Information Disclosure Vulnerability

OnionShare is an open source file encryption transfer or sharing software developed by Brazilian software developer Micah Lee. A file overwrite and information disclosure vulnerability exists in the 'debugmode' function of the web/web.py file in OnionShare 1.3.1 and earlier versions, which can be...

7CVSS5.9AI score0.00314EPSS
Exploits0References1
NVD
NVD
added 2018/12/05 9:29 a.m.17 views

CVE-2018-19786

HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported...

8.1CVSS8.1AI score0.00934EPSS
Exploits0References1
Prion
Prion
added 2018/12/05 9:29 a.m.15 views

Design/Logic Flaw

HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported...

4.3CVSS7.9AI score0.00934EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/12/05 9:29 a.m.12 views

CVE-2018-19786

HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported...

8.1CVSS6.8AI score
Exploits0References1
Cvelist
Cvelist
added 2018/12/05 9:0 a.m.22 views

CVE-2018-19786

HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported...

8.1AI score0.00934EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/08/20 7:0 p.m.26 views

CVE-2018-1000633

The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in User's password being revealed. Attacker can log in as that user. This attack appear to be exploitable vi...

7.1AI score0.01219EPSS
Exploits0References2
NVD
NVD
added 2018/06/21 7:29 p.m.17 views

CVE-2018-7683

Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files...

7.5CVSS7.3AI score0.01111EPSS
Exploits0References1
Prion
Prion
added 2018/06/21 7:29 p.m.17 views

Code injection

Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files...

5CVSS7.3AI score0.01111EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2018/05/17 6:27 p.m.6 views

jboss: jbossas: unsafe chown of server.log in jboss init script allows privilege escalation

It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation...

7.8CVSS7.3AI score0.00366EPSS
Exploits0References4
Prion
Prion
added 2018/05/11 1:29 p.m.20 views

Design/Logic Flaw

admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough...

4.3CVSS6.7AI score0.02693EPSS
Exploits0References16Affected Software1
Cvelist
Cvelist
added 2018/05/11 1:0 p.m.41 views

CVE-2016-8627

admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough...

4.3CVSS6.7AI score0.02693EPSS
Exploits0References16
Rows per page
Query Builder