CVE-2022-41761

An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files...

Path traversal

An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files...

PT-2023-14030 · Nokia · Nokia Nfm-T

Name of the Vulnerable Software and Affected Versions: NOKIA NFM-T version R19.9 Description: An issue exists in the VM Manager WebUI under the endpoint "/cgi-bin/R19.9/viewlog.pl" via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files due to an Absolute Path...

SUSE CVE-2019-11454

Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...

Cross-site Scripting (XSS)

monit:stretch is vulnerable to cross-site scripting. Lack of proper sanitization in http/cervlet.c allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandle...

CVE-2017-18368

The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40ULM.0b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited...

DEBIAN-CVE-2019-11454

Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...

ALPINE-CVE-2019-11454

Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...

CVE-2019-11454

CVE-2019-11454 affects Monit before 5.25.3, with a persistent cross‑site scripting (XSS) flaw in http/cervlet.c that could be triggered via an unsanitized user field in the Authorization header during an _viewlog operation. Connected advisories show multiple distributions addressing this with fix...

CVE-2019-11454

Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...

UBUNTU-CVE-2019-11454

Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...

CVE-2003-0676

Directory traversal vulnerability in ViewLog for iPlanet Administration Server 5.1 aka Sun ONE allows remote attackers to read arbitrary files via "..%2f" partially encoded dot dot sequences...