Information disclosure
An exposure of sensitive information to an unauthorized actor vulnerability (CWE-200) in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests...
Cross site scripting
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability (CWE-79) in FortiADC version 7.1.1 and below, version 7.0.3 and below, version 6.2.5 and below may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests...
Protect
Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities (CWE-79) in FortiOS & FortiProxy administrative interface may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP or HTTPS GET requests...
FortiNAC - Report disclosure to unauthenticated users
An exposure of sensitive information to an unauthorized actor vulnerability (CWE-200) in FortiNAC may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due t...
Authorization
A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement...
CVE-2023-20143 Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due t...
CVE-2023-20138 Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due t...
CVE-2023-20073 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability
A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement...
CVE-2023-20102 Cisco Secure Network Analytics Remote Code Execution Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to insufficient sanitization of user-provided data that is parsed into syst...
PT-2023-19917 · Sniproxy +2
Name of the Vulnerable Software and Affected Versions: SNIProxy versions 0.6.0-2 through the master branch commit 822bb80df9b7b345cc9eba55df74a07b498819ba. Description: A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy. A specially crafted HTTP or TLS...
CVE-2023-24366
An arbitrary file download vulnerability in rConfig v6.8.0 allows attackers to download sensitive files via a crafted HTTP request...
Design/Logic Flaw
An arbitrary file download vulnerability in rConfig v6.8.0 allows attackers to download sensitive files via a crafted HTTP request...
CVE-2023-24366
CVE-2023-24366 affects rConfig v6.8.0. The vulnerability is described as an arbitrary file download via a crafted HTTP request, exposing sensitive files and yielding a CONFIDENTIALITY impact: HIGH with no integrity/availability impact. The NVD/CNA entries assign a CVSS v3.1 base score 6.5 (MEDIU...
CVE-2023-27077
Stack Overflow vulnerability found in 360 D901 allows a remote attacker to cause a Distributed Denial of Service (DDoS) via a crafted HTTP package...
Authorization Bypass
snort is vulnerable to authorization bypasses. An unauthenticated, remote attacker may exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit allows the attacker to bypass the configured file policies and deliver a malicious...
Authorization Bypass
snort is vulnerable to authorization bypasses. An unauthenticated, remote attacker is able to exploit this vulnerability by sending crafted HTTP packets through an affected device, allowing them to bypass a configured file policy for HTTP packets and deliver a malicious payload...
Improper access control
An improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests...