Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
log injection vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-42041
An issue exists in CentralAuth in MediaWiki up to and including 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log.
Mediawiki Mediawiki
9.8
CVSSv3
CVE-2021-40323
Cobbler prior to 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
Cobbler Project Cobbler
9.8
CVSSv3
CVE-2021-30116
Kaseya VSA prior to 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacke...
Kaseya Vsa Agent
Kaseya Vsa Server
3 Github repositories
1 Article
9.8
CVSSv3
CVE-2020-28026
Exim 4 prior to 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote malicious...
Exim Exim
2 Github repositories
7.5
CVSSv3
CVE-2021-31164
Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements.
Apache Unomi
7.8
CVSSv3
CVE-2020-27519
Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged scri...
Pritunl Pritunl-client-electron 1.2.2550.20
7.8
CVSSv3
CVE-2021-1448
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local malicious user to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode. This ...
Cisco Firepower Threat Defense
8.6
CVSSv3
CVE-2021-1474
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote malicious user to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities...
Cisco Umbrella -
4.1
CVSSv3
CVE-2021-1475
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote malicious user to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities...
Cisco Umbrella -
5.9
CVSSv3
CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_ce...
Openssl Openssl
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Freebsd Freebsd 12.2
Netapp Santricity Smi-s Provider -
Netapp Snapcenter -
Netapp Oncommand Workflow Automation -
Netapp Storagegrid -
Netapp Oncommand Insight -
Netapp Ontap Select Deploy Administration Utility -
Netapp Active Iq Unified Manager -
Netapp Cloud Volumes Ontap Mediator -
Netapp E-series Performance Analyzer -
Tenable Tenable.sc
Tenable Nessus
Tenable Nessus Network Monitor 5.11.1
Tenable Nessus Network Monitor 5.12.0
Tenable Nessus Network Monitor 5.12.1
Tenable Nessus Network Monitor 5.13.0
Tenable Nessus Network Monitor 5.11.0
Tenable Log Correlation Engine
Fedoraproject Fedora 34
5 Github repositories
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »