1637 matches found
CVE-2021-35235 ASP.NET Debug Feature Enabled
The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely...
CVE-2021-35235
The CVE concerns SolarWinds Kiwi Syslog Server (versions
CVE-2021-35233
CVE-2021-35233 affects SolarWinds Kiwi Syslog Server 9.7.1 and earlier, where enabling HTTP TRACK & TRACE can cause the server to echo the exact HTTP request in the response, potentially leaking sensitive information such as internal authentication headers appended by reverse proxies. The issue i...
CVE-2021-35233 HTTP TRACK & TRACE Methods Enabled
The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning the exact HTTP request that was received in the response to the client...
SolarWinds Kiwi Syslog Server Security Vulnerability
SolarWinds Kiwi Syslog Server is an affordable syslog management tool for network and system engineers from SolarWinds USA. It is used to receive syslog messages and SNMP traps from network devices (routers, switches, firewalls, etc.) and Linux®/Unix® hosts. A security vulnerability exists in...
NewStart CGSL CORE 5.05 / MAIN 5.05 : rsyslog Vulnerability (NS-SA-2021-0176)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has rsyslog packages installed that are affected by a vulnerability: - Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might...
SolarWinds Kiwi Syslog Server Misconfiguration Vulnerability
SolarWinds Kiwi Syslog Server is an affordable syslog management tool for network and system engineers from SolarWinds USA. It is used to receive syslog messages and SNMP traps from network devices (routers, switches, firewalls, etc.) and Linux®/Unix® hosts. A security vulnerability exists in...
PT-2021-20858 · Unknown · Kiwi Syslog Server
Name of the Vulnerable Software and Affected Versions: Kiwi Syslog Server versions 9.7.2 and earlier Description: The Secure flag is not set in the SSL Cookie, which means the cookie can be sent over unencrypted requests if the application is accessible over both HTTP and HTTPS. This poses a risk...
CVE-2021-35231
As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path:...
Code injection
As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path:...
CVE-2021-35231 Unquoted Path (SMB Login) Vulnerability
As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path:...
CVE-2021-35231
The CVE-2021-35231 entry concerns unquoted service path vulnerability in the Kiwi Syslog Server Installation Wizard. A local attacker could escalate privileges by placing an executable in the affected service/uninstall entry path (example: Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services...
Cypress Solutions CTM-200/CTM-ONE Hard-Coded Credentials Remote Root
!/usr/bin/env python3 Cypress Solutions CTM-200/CTM-ONE Hard-coded Credentials Remote Root Telnet/SSH Vendor: Cypress Solutions Inc. Product web page: https://www.cypress.bc.ca Affected version: CTM-ONE 1.3.6-latest CTM-ONE 1.3.1 CTM-ONE 1.1.9 CTM200 2.7.1.5659-latest CTM200 2.0.5.3356-184 Summar...
Siemens SINEMA Remote Connect Server Access Control Error Vulnerability
Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. An access control error vulnerability exists in SINEMA Remote Connect Server, which can be exploited ...
CVE-2021-37177
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected system...
Information disclosure
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected system...
CVE-2021-37177
The CVE-2021-37177 entry affects Siemens SINEMA Remote Connect Server (all versions before 3.0 SP2). The vulnerability allows an unauthenticated attacker on the same network to manipulate the status provided by managed syslog clients, indicating a modification of assumed-immutable data (CWE-471) ...