Fortinet Fortimail 7.0.1 - Reflected Cross-Site Scripting (XSS)

Exploit Title: Fortinet Fortimail 7.0.1 - Reflected Cross-Site Scripting XSS Google Dork: inurl:/fmlurlsvc/ Date: 01-Feb-2022 Exploit Author: Braiant Giraldo Villa Contact: @ironfortress Twitter Vendor Homepage: https://www.fortinet.com/products/email-security Software Link:...

CVE-2021-22788

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet Communication Modules:...

GHSA-V98J-7CRC-WVRJ Authentication bypass in Apache Shiro

Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass...

CVE-2021-41442

An HTTP smuggling attack in the web application of D-Link DIR-X1860 before v1.10WWB09Beta allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2014-2255)

Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service defect-mode transition via crafted HTTP packets. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVE-2021-43635

A Cross Site Scripting XSS vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file...

Cisco Small Business 缓冲区错误漏洞

Cisco Small Business is a switch from Cisco. A security vulnerability exists in the Cisco Small Business RV Series routers, which is caused by an exception in error handling during a failed login attempt. An attacker can exploit this vulnerability by submitting specially crafted HTTP packets to t...

CVE-2021-41018

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests...

CVE-2021-41018

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests...

CVE-2021-41018

CVE-2021-41018 affects Fortinet FortiWeb OS command injection via improper neutralization of special elements in HTTP requests. Affected are FortiWeb versions 6.4.1 and below, and 6.3.15 and below. The vulnerability can allow an attacker to execute unauthorized code or commands through crafted HT...

CVE-2021-43073

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests...

CVE-2021-44406

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetAutoFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44407

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. TestEmail param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44391

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetEnc param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44395

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetMask param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44367

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetUpnp param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44359

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetCrop param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44419

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetMdAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44399

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPreset param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44390

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. Format param is not object. An attacker can send an HTTP request to trigger this vulnerability...