Adiscon WinSyslog 4.21 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a long syslog message.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| adiscon | winsyslog | 5.0_beta |
| adiscon | winsyslog | 4.21_sp1 |
Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAnalyzer before 3.4.4 and 3.5.x before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter in a Search action.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| adiscon | loganalyzer | 3.2.1 |
| adiscon | loganalyzer | 3.5.1 |
| adiscon | loganalyzer | 3.2.0 |
| adiscon | loganalyzer | 3.4.0 |
| adiscon | loganalyzer | 3.5.0 |
| adiscon | loganalyzer | 3.4.2 |
| adiscon | loganalyzer | 3.5.4 |
| adiscon | loganalyzer | 3.2.2 |
| adiscon | loganalyzer | 3.5.3 |
| adiscon | loganalyzer | 3.5.2 |
| adiscon | loganalyzer | * |
| adiscon | loganalyzer | 3.2.3 |
| adiscon | loganalyzer | 3.3.0 |
| adiscon | loganalyzer | 3.4.1 |
Multiple cross-site scripting (XSS) vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in (1) index.php or (2) detail.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| adiscon | loganalyzer | 3.6.2 |
| adiscon | loganalyzer | 3.6.3 |
| adiscon | loganalyzer | 3.6.4 |
| adiscon | loganalyzer | 3.6.1 |
| adiscon | loganalyzer | 3.6.0 |
| adiscon | loganalyzer | * |
login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| adiscon | loganalyzer | * |
Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| adiscon | loganalyzer | 4.1.10 |
| adiscon | loganalyzer | 4.1.11 |
Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability via the /isapi/PasswordManager.dll ResultURL parameter.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| adiscon | password_manager_for_iis | 2.0 |
Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| adiscon | loganalyzer | * |
A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php components.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| adiscon | loganalyzer | * |