Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
log injection vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-10687
KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id[]= request.
Kbpublisher Kbpublisher 6.0.2.1
NA
CVE-2013-6720
Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x up to and including 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot...
Ibm Tealeaf Cx 8.0
Ibm Tealeaf Cx 8.1
Ibm Tealeaf Cx 7.1
Ibm Tealeaf Cx 7.2
Ibm Tealeaf Cx 8.6
Ibm Tealeaf Cx 8.7
Ibm Tealeaf Cx 8.8
Ibm Tealeaf Cx 8.2
Ibm Tealeaf Cx 8.3
Ibm Tealeaf Cx 8.4
Ibm Tealeaf Cx 8.5
1 EDB exploit
8.8
CVSSv3
CVE-2020-3224
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to inject IOS commands to an affected device. The injected commands should require a higher privilege level in order to be exe...
Cisco Ios Xe 16.11.1
Cisco Ios Xe 16.11.1a
Cisco Ios Xe 16.11.1b
Cisco Ios Xe 16.11.1c
Cisco Ios Xe 16.11.1s
Cisco Ios Xe 16.12.1y
NA
CVE-2021-34752
Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. Cisco ...
NA
CVE-2007-1229
Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote malicious users to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when v...
Nullsoft Shoutcast Server 1.9.7
1 EDB exploit
7.2
CVSSv3
CVE-2021-1435
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote malicious user to inject arbitrary commands that can be executed as the root user. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability ...
Cisco Ios Xe 16.9.1
Cisco Ios Xe 16.9.1a
Cisco Ios Xe 16.9.1b
Cisco Ios Xe 16.9.1c
Cisco Ios Xe 16.9.1d
Cisco Ios Xe 16.9.1s
Cisco Ios Xe 16.9.2
Cisco Ios Xe 16.9.2a
Cisco Ios Xe 16.9.2s
Cisco Ios Xe 16.9.3
Cisco Ios Xe 16.9.3a
Cisco Ios Xe 16.9.3h
Cisco Ios Xe 16.9.3s
Cisco Ios Xe 16.9.4
Cisco Ios Xe 16.9.4c
Cisco Ios Xe 16.9.5
Cisco Ios Xe 16.9.5f
Cisco Ios Xe 16.9.6
Cisco Ios Xe 16.10.1
Cisco Ios Xe 16.10.1a
Cisco Ios Xe 16.10.1b
Cisco Ios Xe 16.10.1c
7.2
CVSSv3
CVE-2020-3212
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote malicious user to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An atta...
Cisco Ios Xe 16.11.1
Cisco Ios Xe 16.11.1a
Cisco Ios Xe 16.11.1b
Cisco Ios Xe 16.11.1c
Cisco Ios Xe 16.11.1s
Cisco Ios Xe 16.12.1y
NA
CVE-2012-2104
cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote malicious users to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted H...
Munin-monitoring Munin 2.0
Munin-monitoring Munin 2.1
1 EDB exploit
NA
CVE-2008-6509
SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and previous versions allows remote malicious users to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp.
Igniterealtime Openfire 2.6.2
Igniterealtime Openfire 3.0.0
Igniterealtime Openfire 3.2.4
Igniterealtime Openfire 3.3.0
Igniterealtime Openfire 3.4.5
Igniterealtime Openfire 3.5.0
Igniterealtime Openfire 3.1.1
Igniterealtime Openfire 3.2.0
Igniterealtime Openfire 3.2.1
Igniterealtime Openfire 3.4.0
Igniterealtime Openfire 3.4.1
Igniterealtime Openfire 3.6.0
Igniterealtime Openfire
Igniterealtime Openfire 2.6.1
Igniterealtime Openfire 2.6.0
Igniterealtime Openfire 3.2.2
Igniterealtime Openfire 3.2.3
Igniterealtime Openfire 3.4.3
Igniterealtime Openfire 3.4.4
Igniterealtime Openfire 3.0.1
Igniterealtime Openfire 3.1.0
Igniterealtime Openfire 3.3.2
1 EDB exploit
NA
CVE-2011-1524
Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) prior to 2.3 allows remote malicious users to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the e...
Symantec Liveupdate Administrator 2.2.2
Symantec Liveupdate Administrator 2.2.1
Symantec Liveupdate Administrator 2.1.3
Symantec Liveupdate Administrator 2.1.2
Symantec Liveupdate Administrator 2.1.0
Symantec Liveupdate Administrator
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »