MidnightBSD

Advisories for adiscon

CVE-2003-1518 HIGH

Adiscon WinSyslog 4.21 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a long syslog message.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
adiscon winsyslog 5.0_beta
adiscon winsyslog 4.21_sp1
CVE-2012-3790 MEDIUM

Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAnalyzer before 3.4.4 and 3.5.x before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter in a Search action.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
adiscon loganalyzer 3.2.1
adiscon loganalyzer 3.5.1
adiscon loganalyzer 3.2.0
adiscon loganalyzer 3.4.0
adiscon loganalyzer 3.5.0
adiscon loganalyzer 3.4.2
adiscon loganalyzer 3.5.4
adiscon loganalyzer 3.2.2
adiscon loganalyzer 3.5.3
adiscon loganalyzer 3.5.2
adiscon loganalyzer *
adiscon loganalyzer 3.2.3
adiscon loganalyzer 3.3.0
adiscon loganalyzer 3.4.1
CVE-2014-6070 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in (1) index.php or (2) detail.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
adiscon loganalyzer 3.6.2
adiscon loganalyzer 3.6.3
adiscon loganalyzer 3.6.4
adiscon loganalyzer 3.6.1
adiscon loganalyzer 3.6.0
adiscon loganalyzer *
CVE-2018-19877 MEDIUM

login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
adiscon loganalyzer *
CVE-2021-31738 MEDIUM

Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
adiscon loganalyzer 4.1.10
adiscon loganalyzer 4.1.11
CVE-2022-36664

Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability via the /isapi/PasswordManager.dll ResultURL parameter.

Products Affected

Vendor Product Version
adiscon password_manager_for_iis 2.0
CVE-2023-34600

Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection.

Products Affected

Vendor Product Version
adiscon loganalyzer *
CVE-2023-36306

A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php components.

Products Affected

Vendor Product Version
adiscon loganalyzer *