log injection vulnerabilities and exploits
VMScore: 1000
CVE-2011-1018
logwatch.pl in Logwatch 7.3.6 allows remote malicious users to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.
Logwatch Logwatch 7.3.6
1 EDB exploit
VMScore: 445
CVE-2003-0020
Apache does not filter terminal escape sequences from its error logs, which could make it easier for malicious users to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
Apache Http Server
NA
CVE-2022-39285
ZoneMinder is a free, open source Closed-circuit television software application. The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code ...
Zoneminder Zoneminder
NA
CVE-2022-39290
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET an...
Zoneminder Zoneminder
NA
CVE-2022-39291
ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed th...
Zoneminder Zoneminder
VMScore: 641
CVE-2019-1699
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local malicious user to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecti...
Cisco Firepower Management Center
VMScore: 641
CVE-2021-1452
A vulnerability in the ROM Monitor (ROMMON) of Cisco IOS XE Software for Cisco Catalyst IE3200, IE3300, and IE3400 Rugged Series Switches, Cisco Catalyst IE3400 Heavy Duty Series Switches, and Cisco Embedded Services 3300 Series Switches could allow an unauthenticated, physical m...
Cisco Ios Xe Rom Monitor
VMScore: 935
CVE-2003-1026
Internet Explorer 5.01 through 6 SP1 allows remote malicious users to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstra...
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 5.0.1
Microsoft Internet Explorer 5.0
Microsoft Internet Explorer 6.0
Microsoft Ie 6.0
1 EDB exploit
VMScore: 641
CVE-2019-1709
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local malicious user to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecti...
Cisco Firepower Threat Defense 6.2.0
Cisco Firepower Threat Defense 6.2.2
Cisco Firepower Threat Defense 6.0.0
Cisco Firepower Threat Defense 6.0.1
Cisco Firepower Threat Defense 6.1.0
Cisco Firepower Management Center 6.3.0
Cisco Firepower Threat Defense 6.2.1
Cisco Firepower Threat Defense 6.2.3
VMScore: 505
CVE-2009-4491
thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a termin...
Acme Thttpd 2.25
1 EDB exploit