1636 matches found
CVE-2025-12940
Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points. An user having access to the syslog server can read the logs containing these credentials. This issue affects...
EUVD-2025-93540
Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points. An user having access to the syslog server can read the logs containing these credentials. This issue affects...
CVE-2025-12940
Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points. An user having access to the syslog server can read the logs containing these credentials. This issue affects...
CVE-2025-12940 Credentials recorded in logs in NETGEAR WAX610 and WAX610Y
Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points. An user having access to the syslog server can read the logs containing these credentials. This issue affects...
CVE-2025-12940
CVE-2025-12940 affects NETGEAR WAX610 and WAX610Y access points. A configuration issue causes login credentials to be recorded in logs when a Syslog Server is configured, allowing an attacker with syslog access to read credentials. Impact: credential disclosure for devices running firmware prior ...
CVE-2025-12940 Credentials recorded in logs in NETGEAR WAX610 and WAX610Y
Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points. An user having access to the syslog server can read the logs containing these credentials. This issue affects...
PT-2025-46351
Name of the Vulnerable Software and Affected Versions NETGEAR WAX610 versions prior to 11.8.0.10 NETGEAR WAX610Y versions prior to 11.8.0.10 Description A configuration issue can lead to login credentials being inadvertently recorded in logs when a Syslog Server is configured. An attacker with...
CVE-2025-34315
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the REMOTELOGADDR parameter when updating the remote syslog server address. When a user updates the Remote loggin...
EUVD-2025-36521
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the REMOTELOGADDR parameter when updating the remote syslog server address. When a user updates the Remote loggin...
CVE-2025-34315
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the REMOTELOGADDR parameter when updating the remote syslog server address. When a user updates the Remote loggin...
CVE-2025-34315
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the REMOTELOGADDR parameter when updating the remote syslog server address. When a user updates the Remote loggin...
CVE-2025-34315
IPFire prior to version 2.29 (Core Update 198) is affected by a stored cross-site scripting (XSS) vulnerability in the REMOTELOG_ADDR parameter used when updating the remote syslog server address. The value is submitted via POST to /cgi-bin/logs.cgi/config.dat and is stored and later rendered in ...
CVE-2025-34315 IPFire < v2.29 Stored XSS via Remote Syslog Server Address
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the REMOTELOGADDR parameter when updating the remote syslog server address. When a user updates the Remote loggin...
CVE-2025-34315 IPFire < v2.29 Stored XSS via Remote Syslog Server Address
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the REMOTELOGADDR parameter when updating the remote syslog server address. When a user updates the Remote loggin...
PT-2025-44174
Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description IPFire versions prior to 2.29 Core Update 198 are susceptible to a stored cross-site scripting XSS issue. An authenticated attacker can inject arbitrary JavaScript code through the...
CVE-2025-12260
CVE-2025-12260 concerns TOTOLINK A3300R (firmware 17.0.0cu.557_B20221024). The vulnerability lies in the function setSyslogCfg within the file /cgi-bin/cstecgi.cgi, in the POST Parameter Handler, where manipulation of the enable argument leads to a stack-based buffer overflow. The issue is exploi...
VulnCheck KEV: CVE-2017-18369
The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the advremotelog.asp page and can be exploited through the syslogServerAd...
EUVD-2020-28932
Malware in sbrugna...
EUVD-2020-29309
Malware in sbrugna...
EUVD-1999-0552
Malware in sbrugna...