30 matches found
EUVD-2020-27788
Malware in sbrugna...
EUVD-2023-31723
Malicious code in bioql PyPI...
EUVD-2022-44538
Malicious code in bioql PyPI...
CVE-2023-27998
A lack of custom error pages vulnerability CWE-756 in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTPs paths...
CVE-2022-41331
A missing authentication for critical function vulnerability CWE-306 in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests...
CVE-2020-6641
Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters...
CVE-2023-27998
A lack of custom error pages vulnerability CWE-756 in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTPs paths...
CVE-2023-27998
A lack of custom error pages vulnerability CWE-756 in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTPs paths...
Code injection
A lack of custom error pages vulnerability CWE-756 in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTPs paths...
CVE-2023-27998
A lack of custom error pages vulnerability CWE-756 in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTPs paths...
CVE-2023-27998
CVE-2023-27998 affects FortiPresence up to 1.2.1 (and all 1.0–1.2.1 per PT-2023-21471) due to a lack of custom error pages. An unauthenticated attacker who can access the login GUI can navigate to specific HTTP(S) paths to disclose sensitive information. The underlying issue is the absence of pro...
CVE-2023-27998
A lack of custom error pages vulnerability CWE-756 in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTPs paths...
Fortinet FortiPresence Security Vulnerability
Fortinet FortiPresence is a comprehensive data analytics solution from Fortinet, Inc. A security vulnerability exists in Fortinet FortiPresence that stems from the lack of a custom error page, which could allow an attacker to obtain sensitive information by navigating to a specific HTTP path...
PT-2023-21471 · Fortinet · FortiPresence
Name of the Vulnerable Software and Affected Versions: FortiPresence versions 1.0 through 1.2.1. Description: A lack of custom error pages may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTPs paths...
Fortinet FortiPresence Authentication Error Vulnerability
Fortinet FortiPresence is a comprehensive data analytics solution from Fortinet, Inc. Fortinet FortiPresence suffers from an authentication error vulnerability that stems from a lack of authentication for critical functions, which can be exploited by an attacker to gain access to Redis and MongoD...
Fortinet Addresses Security Flaws Across Multiple Products
Summary: Fortinet releases security updates for multiple products, including a significant FortiPresence vulnerability patch.
CVE-2022-41331
A missing authentication for critical function vulnerability CWE-306 in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests...
CVE-2022-41331
A missing authentication for critical function vulnerability CWE-306 in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests...
Authentication flaw
A missing authentication for critical function vulnerability CWE-306 in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests...
CVE-2022-41331
FortiPresence infrastructure server prior to version 1.2.1 is affected by CVE-2022-41331: a missing authentication for critical functions (CWE-306) that could allow a remote, unauthenticated attacker to access Redis and MongoDB via crafted authentication requests. The issue has a high impact on c...