MidnightBSD

Advisories for modlogan

CVE-2002-2050 LOW

Directory traversal vulnerability in processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a .. (dot dot) in the hostname of a log entry.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
modlogan modlogan 0.5
modlogan modlogan 0.5.6
modlogan modlogan 0.6
modlogan modlogan 0.7.11
modlogan modlogan 0.5.7
CVE-2002-2051 LOW

The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a symlink attack on files specified as hostnames in a log file.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
modlogan modlogan 0.5
modlogan modlogan 0.5.6
modlogan modlogan 0.6
modlogan modlogan 0.7.11
modlogan modlogan 0.5.7