log injection vulnerabilities and exploits
NA
CVE-2003-1580
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote malicious users to spoof IP addresses via crafted DNS responses conta...
Apache Http Server 2.0.44
NA
CVE-2003-1581
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote malicious users to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an &...
Apache Http Server 2.0.44
NA
CVE-2006-6302
fail2ban 0.7.4 and previous versions do not properly parse sshd log files, which allows remote malicious users to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in v...
Fail2ban Fail2ban
NA
CVE-2005-1087
CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote malicious users to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request.
An An-httpd 1.42n
1 EDB exploit
NA
CVE-2022-45899
Nokia BMC Log Scanner version 13 suffers from a remote command injection vulnerability.
9.8
CVSSv3
CVE-2018-0320
A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote malicious user to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input in SQL queries. An atta...
Cisco Prime Collaboration Provisioning
Cisco Prime Collaboration
NA
CVE-2004-1657
Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote malicious users to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers.
Newtelligence Dasblog 1.3
Newtelligence Dasblog 1.6
Newtelligence Dasblog 1.4
Newtelligence Dasblog 1.5
1 EDB exploit
5.3
CVSSv3
CVE-2017-15270
The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by malicious users to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special chara...
Psftp Psftpd 10.0.4
1 EDB exploit
5.9
CVSSv3
CVE-2017-15271
A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically restart, which enabled malicious users to perform a very effective DoS attack agains...
Psftp Psftpd 10.0.4
1 EDB exploit
NA
CVE-2004-1210
Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop 1.4.1 and possibly other versions, allows remote malicious users to inject arbitrary web script or HTML via the (1) url or (2) part variables.
Ipcop Ipcop 1.4.1
1 EDB exploit