CVE-2022-40676
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized co...
PT-2023-1863 · Fortinet · Fortisoar
Name of the Vulnerable Software and Affected Versions: Fortinet FortiSOAR versions 7.3.0 through 7.3.1 Description: The issue is related to improper access control in the administrative interface, allowing an attacker to perform unauthorized actions via crafted HTTP requests. This can enable a...
The vulnerability in FortiWeb web application firewalls arises from a failure to neutralize special elements used in operating system commands. It allows attackers to execute arbitrary code or run arbitrary commands.
The vulnerability in FortiWeb web application firewalls exists because special elements used in operating system commands are not neutralized. Exploiting it allows a malicious actor to execute arbitrary code or run arbitrary commands usin...
CVE-2022-41723 Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...
The vulnerability in the HTTP server of the Micrium real-time operating system allows attackers to execute arbitrary code.
The vulnerability in the HTTP server of the Micrium real-time operating system is a buffer overflow. Exploiting it allows a remote attacker to execute arbitrary code by sending a specially crafted HTTP request...
Design/Logic Flaw
An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted HTTP request...
K26314875: Apache vulnerability CVE-2022-26377
Security Advisory Description: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4...
Allocation of Resources Without Limits or Throttling
Overview: std/net/http is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder,...
GO-2023-1571 Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...
CVE-2022-41335
A relative path traversal vulnerability CWE-23 in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read...
CVE-2022-27489
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests...
CVE-2023-23780
A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet FortiWeb 6.4 all versions allows an attacker to escalate privileges via specifically crafted HTTP requests...
SUSE CVE-2011-2766
The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers...
SUSE CVE-2017-10868
H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header...
SUSE CVE-2018-1999002
An arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...
SUSE CVE-2019-3833
Openwsman, versions up to and including 2.6.9, is vulnerable to an infinite loop in process_connection when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious HTTP request to cause a denial of service on the openwsman server...
Directory traversal
A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-38715
A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-38459
A stack-based buffer overflow vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...