168 matches found
CVE-2021-20333 Server log entry spoofing via newline injection
Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. This issue affects MongoDB Server v3.6 versions prior to 3.6.20; MongoDB Server v4.0 versions prior to 4.0.21 and MongoDB Server v4.2 versions prior to 4.2.1...
CVE-2021-27925
An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can depending on a race condition cause an internal user with administrator privileges, @nsserver, to have its credentials leaked in cleartext in the...
openGauss: Configuring the Server Log Message Level
The parameter logminmessages specifies the level of messages to be written into server logs. The valid values include DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1, INFO, NOTICE, WARNING, ERROR, LOG, FATAL, and PANIC. It must be NOTICE at least. After a level is selected, messages at this level and its...
openGauss: Enabling the Logging of User Logout
Similar to logconnections, a record containing a session duration is added to the server log at the end of the session. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
h1-ctf: [H1-2006 2020] "Swiss Cheese" design style leads to helping Mårten Mickos pay poor hackers
Summary: Several vulnerabilities in the bountypay application leads to unauthorised access, information disclosure, SSRF and other fun stuff. Steps To Reproduce: This is how I helped Mårten Mickos pay the poor hackers who had been waiting so long for their bounties. First part: Web I started by...
Open-Xchange: reading the stack data of the imap process
in dovecot / core in the imap-client-hibernate.c file in the imaphibernatehandshake function, lines 31..39 contain vulnerable code: cpp else if ret = readfd, buf, sizeofbuf-1 0 && bufret-1 == '\n' bufret-1 = '\0'; if versionstringverifybuf, "imap-hibernate", 1 return 0; ierror"%s sent invalid...
Netsweeper Path Traversal Vulnerability
Netsweeper is a Web content filtering solution from Netsweeper Canada. A path traversal vulnerability exists in the webadmin/reporter/viewserverlog.php file in Netsweeper versions prior to 3.1.10, 4.0.x versions prior to 4.0.9, and 4.1.x versions prior to 4.1.2. The vulnerability stems from a...
CVE-2016-8627
An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired...
WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting
Exploit Title: WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting Date: 2019-09-10 Exploit Author: strider Software Link: https://github.com/anttiviljami/wp-server-log-viewer Version: 1.0 Tested on: Debian 10 Buster x64 / Kali Linux CVE : None...
OnionShare File Overwrite and Information Disclosure Vulnerability
OnionShare is an open source file encryption transfer or sharing software developed by Brazilian software developer Micah Lee. A file overwrite and information disclosure vulnerability exists in the 'debugmode' function of the web/web.py file in OnionShare 1.3.1 and earlier versions, which can be...
CVE-2018-19786
HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported...
Design/Logic Flaw
HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported...
CVE-2018-19786
HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported...
CVE-2018-19786
HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported...
CVE-2018-1000633
The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in User's password being revealed. Attacker can log in as that user. This attack appear to be exploitable vi...
CVE-2018-7683
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files...
Code injection
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files...
jboss: jbossas: unsafe chown of server.log in jboss init script allows privilege escalation
It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation...
Design/Logic Flaw
admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough...
CVE-2016-8627
admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough...