Vulmon
log injection vulnerabilities and exploits
383
VMScore
CVE-2003-1580
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote malicious users to spoof IP addresses via crafted DNS responses conta...
Apache Http Server 2.0.44
231
VMScore
CVE-2003-1581
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote malicious users to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an &...
Apache Http Server 2.0.44
445
VMScore
CVE-2006-6302
fail2ban 0.7.4 and previous versions do not properly parse sshd log files, which allows remote malicious users to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in v...
Fail2ban Fail2ban
645
VMScore
CVE-2005-1087
CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote malicious users to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request.
An An-httpd 1.42n
1 EDB exploit
NA
CVE-2022-45899
Nokia BMC Log Scanner version 13 suffers from a remote command injection vulnerability.
668
VMScore
CVE-2018-0320
A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote malicious user to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input in SQL queries. An atta...
Cisco Prime Collaboration Provisioning
Cisco Prime Collaboration
435
VMScore
CVE-2004-1657
Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote malicious users to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers.
Newtelligence Dasblog 1.3
Newtelligence Dasblog 1.6
Newtelligence Dasblog 1.4
Newtelligence Dasblog 1.5
1 EDB exploit
505
VMScore
CVE-2017-15270
The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by malicious users to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special chara...
Psftp Psftpd 10.0.4
1 EDB exploit
435
VMScore
CVE-2017-15271
A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically restart, which enabled malicious users to perform a very effective DoS attack agains...
Psftp Psftpd 10.0.4
1 EDB exploit
685
VMScore
CVE-2004-1210
Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop 1.4.1 and possibly other versions, allows remote malicious users to inject arbitrary web script or HTML via the (1) url or (2) part variables.
Ipcop Ipcop 1.4.1
1 EDB exploit