Vulmon
log injection vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-40113
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote malicious user to perform the following actions: Log in with a default credenti...
Cisco Catalyst Pon Switch Cgp-ont-1p Firmware
Cisco Catalyst Pon Switch Cgp-ont-4p Firmware
Cisco Catalyst Pon Switch Cgp-ont-4pvc Firmware
Cisco Catalyst Pon Switch Cgp-ont-4tvcw Firmware
Cisco Catalyst Pon Switch Cgp-ont-4pv Firmware
9.8
CVSSv3
CVE-2021-34795
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote malicious user to perform the following actions: Log in with a default credenti...
Cisco Catalyst Pon Switch Cgp-ont-1p Firmware
Cisco Catalyst Pon Switch Cgp-ont-4p Firmware
Cisco Catalyst Pon Switch Cgp-ont-4pvc Firmware
Cisco Catalyst Pon Switch Cgp-ont-4tvcw Firmware
Cisco Catalyst Pon Switch Cgp-ont-4pv Firmware
9.8
CVSSv3
CVE-2021-40323
Cobbler prior to 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
Cobbler Project Cobbler
9.8
CVSSv3
CVE-2021-30116
Kaseya VSA prior to 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacke...
Kaseya Vsa Agent
Kaseya Vsa Server
3 GitHub repositories
1 Article
9.8
CVSSv3
CVE-2020-28026
Exim 4 prior to 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote malicious...
Exim Exim
2 GitHub repositories
9.8
CVSSv3
CVE-2020-6880
A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. By sending malicious SQL statements, because the device does not properly filter parameters, successful use can obtain management rights. This affects: ZXV10 W908 all versi...
Zte Zxv10 W908 Firmware
9.8
CVSSv3
CVE-2020-16165
The DAO/DTO implementation in SpringBlade up to and including 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters.
Springblade Project Springblade
9.8
CVSSv3
CVE-2020-1631
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated malicious user to perform local file inclusion (LFI) or path traver...
Juniper Junos 15.1x49
Juniper Junos 15.1
Juniper Junos 12.3
Juniper Junos 14.1x53
Juniper Junos 12.3x48
Juniper Junos 16.1
Juniper Junos 17.2
Juniper Junos 17.3
Juniper Junos 17.4
Juniper Junos 18.1
Juniper Junos 18.2
Juniper Junos 18.3
Juniper Junos 18.4
Juniper Junos 19.1
Juniper Junos 19.2
Juniper Junos 19.3
Juniper Junos 19.4
Juniper Junos 20.1
9.8
CVSSv3
CVE-2015-9344
The link-log plugin prior to 2.1 for WordPress has SQL injection.
Perafox Link Log
9.8
CVSSv3
CVE-2017-18573
The simple-login-log plugin prior to 1.1.2 for WordPress has SQL injection.
Simplerealtytheme Simple Login Log