CVE-2024-23671

CVE-2024-23671 describes a path traversal vulnerability in Fortinet FortiSandbox versions 4.0.0–4.0.4, 4.2.0–4.2.6, and 4.4.0–4.4.3 that allows an attacker to execute unauthorized code or commands via crafted HTTP requests. The root cause is improper limitation of a pathname to a restricted direc...

Fortinet FortiSandbox 路径遍历漏洞

Fortinet FortiSandbox is an APT Advanced Persistent Threat protection appliance from Fortinet. The appliance offers dual sandboxing technology, a dynamic threat intelligence system, real-time control panel and reporting, and more. A path traversal vulnerability exists in Fortinet FortiSandbox...

Fortinet FortiSandbox 路径遍历漏洞

Fortinet FortiSandbox is an APT Advanced Persistent Threat protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. Fortinet FortiSandbox suffers from a path traversal vulnerability that can be...

CVE-2019-3833

...

ROS-20240329-22

Vulnerability in the Heerces C++ library of the BigFix Platform IT hardware co-management platform is caused by an integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely, to execute arbitrary code by sending a specially crafted HTTP request...

Oracle Linux 8 : nodejs:16 (ELSA-2024-1444)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1444 advisory. - reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks Resolves: CVE-2024-22019 nodejs-nodemon nodejs-packaging Tenable h...

Cisco Unified IP Phone 9900 Series Arbitrary File Upload (CVE-2015-0604)

The web framework on Cisco Unified IP 9900 phones with firmware 9.4.1 and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, aka Bug ID CSCup90424. This plugin only works with Tenable.ot. Please visit...

Cisco IP Phones 8800 Series Denial of Service (CVE-2016-1479)

Cisco IP Phone 8800 devices with software 11.01 allow remote attackers to cause a denial of service memory corruption via a crafted HTTP request, aka Bug ID CSCuz03038. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVE-2023-42789

A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via...

CVE-2023-42790

A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands...

Cross site scripting

A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via...

Stack overflow

A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands...

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. A buffer overflow vulnerability...

CVE-2024-25111

Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunke...

Fortinet FortiOS 代码问题漏洞

Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform.Fortinet FortiProxy is a secure network proxy that protects employees from cyberattacks by combining a variety of detection technologies, such as Web filtering, DNS filtering, DLP, anti-virus,...

CVE-2023-42791

A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests...

Path traversal

A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests...

CVE-2023-42791

A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests...

CVE-2024-22019

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service DoS. The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk...

PT-2024-2334

Name of the Vulnerable Software and Affected Versions LibHTP versions prior to 0.5.46 Description The issue is related to excessive processing time of HTTP headers, leading to denial of service when crafted traffic is sent. This can be exploited by a remote attacker to cause a denial of service...