log injection vulnerabilities and exploits
2.6
CVSSv2
CVE-2003-1581
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote malicious users to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an ...
Apache Http Server 2.0.44
4.3
CVSSv2
CVE-2003-1580
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote malicious users to spoof IP addresses via crafted DNS responses conta...
Apache Http Server 2.0.44
5
CVSSv2
CVE-2006-6302
fail2ban 0.7.4 and previous versions do not properly parse sshd log files, which allows remote malicious users to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in v...
Fail2ban Fail2ban
7.5
CVSSv2
CVE-2018-0320
A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote malicious user to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input in SQL queries. An atta...
Cisco Prime Collaboration Provisioning
Cisco Prime Collaboration
6.4
CVSSv2
CVE-2005-1087
CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote malicious users to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request.
An An-httpd 1.42n
1 EDB exploit
NA
CVE-2022-45899
Nokia BMC Log Scanner version 13 suffers from a remote command injection vulnerability.
4
CVSSv2
CVE-2021-42250
Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs.
Apache Superset
4.3
CVSSv2
CVE-2004-1657
Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote malicious users to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers.
Newtelligence Dasblog 1.4
Newtelligence Dasblog 1.6
Newtelligence Dasblog 1.3
Newtelligence Dasblog 1.5
1 EDB exploit
5
CVSSv2
CVE-2017-15270
The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by malicious users to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special chara...
Psftp Psftpd 10.0.4
1 EDB exploit
4.3
CVSSv2
CVE-2017-15271
A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically restart, which enabled malicious users to perform a very effective DoS attack agains...
Psftp Psftpd 10.0.4
1 EDB exploit