Searching log software vulnerabilities


A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories.


A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.


An event log in Windows NT has inappropriate access permissions.


A Windows NT log file has an inappropriate maximum size or retention period.


QMS CrownNet Unix Utilities for 2060 allows root to log on without a password.


gFTP FTP client 1.13, and other versions before 2.0.0, records a password in plaintext in (1) the log window, or (2) in a log file.


Arrowpoint (aka Cisco Content Services, or CSS) allows local users to cause a denial of service via a long argument to the "show script," "clear script," "show archive," "clear archive," "show log," or "clear log" commands.


The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack.


CentraOne 5.2 and Centra ASP with basic authentication enabled create world-writable base64 encoded log files, which allows local users to obtain cleartext passwords from decoded log files and impersonate users.


Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running.


Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running.


The log_event function in ssmtp 2.50.6 and earlier allows local users to overwrite arbitrary files via a symlink attack on the ssmtp.log temporary log file.


Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators.


Buffer overflow in the Log-SCR function in the "Log to Screen" feature in WinFtp Server 1.6.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long request.


Cross-site scripting (XSS) vulnerability in Greymatter allows remote attackers to inject arbitrary web script or HTML via a post comment, which is recorded in a log file but not properly handled when the administrator uses "View Control Panel Log" to read the log file.


System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline (NL).


PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php.


Cross-site scripting (XSS) vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log utility to read the log file.


The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges.


Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent attackers to inject arbitrary web script or HTML into /var/log/messages via a PHP script that invokes /usr/bin/logger; (4) allows local users to inject arbitrary web script or HTML into /var/log/messages by invoking /usr/bin/logger at the command line; and allows remote attackers to inject arbitrary web script or HTML via remote requests logged in the (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, and (11) /var/log/directadmin/security.log files.


Software vulnerabilities results 1 to 20 of 351     