130 matches found
Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting (Python)
Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting Python Vulnerability title: Syslog LogAnalyzer 3.6.5 Stored XSS Author: Dolev Farhi Contact: dolevf at yahoo dot com @dolevff Application: LogAnalyzer 3.6.5 Date: 8.2.2014 Relevant CVEs: CVE-2014-6070 Vulnerable version: alert"xss", and...
WinSyslog Interactive Syslog Server 4.21/ long Message Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8821/info WinSyslog is prone to a remotely exploitable denial of service vulnerability. The issue exists in the Interactive Syslog Server specifically. This occurs when the program receives multiple excessive syslog...
Syslog Watcher Pro 2.8.0.812 - (Date Parameter) - Cross Site Scripting Vulnerability
No description provided by source. Title: Syslog Watcher Pro 'Date' Parameter Cross Site Scripting Vulnerability Software : Syslog Watcher Pro Software Version : v2.8.0.812Jun 15, 2009 Vendor: http://www.snmpsoft.com/ Vulnerability Published : 2013-04-27 Vulnerability Update Time : Status : Impac...
Syslog Server 1.2.3 - Crash PoC
No description provided by source. !/usr/bin/python Exploit Title: Syslog Server 1.2.3 Date: 12th June 2013 Exploit Author: npn Exploit Author Homepage: http://www.iodigitalsec.com/ Vendor Homepage: http://sourceforge.net/users/ghuysmans Software Link:...
Mikrotik Syslog Server for Windows 1.15 - Denial of Service
No description provided by source. Exploit Title: Mikrotik Syslog Server for Windows - remote BOF DOS Date: 19.04.2013 Exploit Author: xisone@STM Solutions Vendor Homepage: www.mikrotik.com Software Link: http://www.mikrotik.com/download/MTSyslog.exe Version: 1.15 most recent version 19.04.2013...
OpenSSL Man-in-the-middle vulnerability
The Palo Alto Networks product security engineering team has completed analysis of our products' exposure to the vulnerabilities described in the OpenSSL Security Advisory dated June 5th, 2014. Of the 7 CVEs highlighted in the advisory, only CVE-2014-0224 is relevant to our software. The...
Syslog Server 1.2.3 Denial Of Service
!/usr/bin/python Exploit Title: Syslog Server 1.2.3 Date: 12th June 2013 Exploit Author: npn Exploit Author Homepage: http://www.iodigitalsec.com/ Vendor Homepage: http://sourceforge.net/users/ghuysmans Software Link: http://download.cnet.com/Syslog-Server/3000-20854-75868875.html Version: 1.2.3...
Syslog Server 1.2.3 - Crash (PoC)
Syslog Server 1.2.3 - Crash PoC !/usr/bin/python Exploit Title: Syslog Server 1.2.3 Date: 12th June 2013 Exploit Author: npn Exploit Author Homepage: http://www.iodigitalsec.com/ Vendor Homepage: http://sourceforge.net/users/ghuysmans Software Link:...
Syslog Server 1.2.3 - Crash PoC
Exploit for windows platform in category dos / poc This software suffers validation errors throughout the basic protocol implementation making it possible to cause overflows, type mismatches and so on. Here is a type mismatch crash: echo "pwn"|nc -u 192.168.200.20 514 0day.today 2018-04-05...
Syslog Server 1.2.3 - Crash (PoC)
!/usr/bin/python Exploit Title: Syslog Server 1.2.3 Date: 12th June 2013 Exploit Author: npn Exploit Author Homepage: http://www.iodigitalsec.com/ Vendor Homepage: http://sourceforge.net/users/ghuysmans Software Link: http://download.cnet.com/Syslog-Server/3000-20854-75868875.html Version: 1.2.3...
Syslog Watcher Pro 2.8.0.812 - 'Date' Cross-Site Scripting
Title: Syslog Watcher Pro 'Date' Parameter Cross Site Scripting Vulnerability Software : Syslog Watcher Pro Software Version : v2.8.0.812Jun 15, 2009 Vendor: http://www.snmpsoft.com/ Vulnerability Published : 2013-04-27 Vulnerability Update Time : Status : Impact : MediumCVSS2 Base : 6.4,...
Mikrotik Syslog Server for Windows 1.15 - Denial of Service (Metasploit)
Exploit Title: Mikrotik Syslog Server for Windows - remote BOF DOS Date: 19.04.2013 Exploit Author: xisone@STM Solutions Vendor Homepage: www.mikrotik.com Software Link: http://www.mikrotik.com/download/MTSyslog.exe Version: 1.15 most recent version 19.04.2013 Tested on: Windows XP SP3, Windows 7...
CVE-2010-4840
Multiple buffer overflows in the Syslog server in ManageEngine EventLog Analyzer 6.1 allow remote attackers to cause a denial of service SysEvttCol.exe process crash or possibly execute arbitrary code via a long Syslog PRI message header to UDP port 1 513 or 2 514. Fixed in 7.2 Build 7020...
Buffer overflow
Multiple buffer overflows in the Syslog server in ManageEngine EventLog Analyzer 6.1 allow remote attackers to cause a denial of service SysEvttCol.exe process crash or possibly execute arbitrary code via a long Syslog PRI message header to UDP port 1 513 or 2 514. Fixed in 7.2 Build 7020...
CVE-2010-4840
CVE-2010-4840 affects ManageEngine EventLog Analyzer 6.1 where the Syslog server component (SysEvttCol.exe) contains multiple buffer overflows that can be triggered by a long Syslog PRI header sent to UDP ports 513 or 514. Successful exploitation may cause a denial-of-service (process crash) and ...
CVE-2010-4840
Multiple buffer overflows in the Syslog server in ManageEngine EventLog Analyzer 6.1 allow remote attackers to cause a denial of service SysEvttCol.exe process crash or possibly execute arbitrary code via a long Syslog PRI message header to UDP port 1 513 or 2 514. Fixed in 7.2 Build 7020...
Kiwi Syslog Server Web Access Login Username Enumeration
Kiwi Syslog Web Access is installed on the remote host. The installed version responds with different error messages when an user attempts to login with existent and non-existent accounts. A remote unauthenticated attacker may exploit this vulnerability to enumerate valid users for the remote web...
Profense Web Application Firewall 2.6.2 - Cross-Site Request Forgery Cross-Site Scripting
Profense Web Application Firewall 2.6.2 - Cross-Site Request Forgery Cross-Site Scripting Written By Michael Brooks Special thanks to str0ke! Affects: Profense Web Application Firewall XSRF and XSS Version: 2.6.2 download http://www.armorlogic.com/downloadsoftware.html "Defenses against all OWASP...
Command injection
Cisco Adaptive Security Appliance ASA running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog...
CVE-2007-4786
Cisco Adaptive Security Appliance ASA running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog...