1746 matches found
CVE-2022-29055
An access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via a...
Cross site request forgery (csrf)
An access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via a...
Protect
An access of uninitialized pointer vulnerability (CWE-824) in the SSL VPN portal of FortiOS & FortiProxy may allow a remote unauthenticated or authenticated (see Affected Products section) attacker to crash the sslvpn daemon via an HTTP GET request...
CVE-2022-29055
CVE-2022-29055 describes an access of an uninitialized pointer in Fortinet FortiOS and FortiProxy that can crash the sslvpn daemon via an HTTP GET request. Affected products include FortiOS versions 6.0.x, 6.2.0–6.2.10, 6.4.0–6.4.8, 7.0.0–7.0.5, 7.2.0 and FortiProxy 1.2.x, 2.0.0–2.0.9, 7.0.0–7.0....
CVE-2022-39290
ZoneMinder is a free, open source closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the ZoneMinder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CS...
Fortinet FortiSOAR Code Injection Vulnerability
Fortinet FortiSOAR is a security orchestration, automation, and response (SOAR) solution from Fortinet USA. A code injection vulnerability exists in Fortinet FortiSOAR that stems from incorrect neutralization of a particular element used and can be exploited by an authenticated attacker to execute...
CVE-2022-39814
In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs in the login page via next HTTP GET parameter...
Open redirect
In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs in the login page via next HTTP GET parameter...
CVE-2022-39814
CVE-2022-39814 affects Nokia 1350 OMS (R14.2). The vulnerability is an open redirect on the login page via the next HTTP GET parameter. Root cause: insufficient validation of the next parameter leading to unauthorized redirection. Impact is described as an open redirect; detailed risk (e.g., cred...
CVE-2022-29061
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability (CWE-78) in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests...
Command injection
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability (CWE-78) in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests...
Showmax: Reflected XSS at https://stories.showmax.com/wp-content/themes/theme-internal_ss/blocks/ajax/a.php via `ss_country_filter` param
Summary: A Reflected XSS issue at https://stories.showmax.com/. Description: This issue was found at the https://stories.showmax.com/wp-content/themes/theme-internal_ss/blocks/ajax/b.php page. But, as I understand, the last part of the pathname, a.php, can be different. For example, b.php also works. Maybe ...
Transposh WordPress Translation 1.0.7 Cross Site Scripting Vulnerability (2)
Transposh WordPress Translation versions 1.0.7 and below have an ajax action "tptp" that is vulnerable to an unauthenticated/authenticated reflected cross site scripting vulnerability when user-supplied input to the HTTP GET parameter "q" is processed by the web application. Since the application...
CVE-2022-22304
An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests...
Design/Logic Flaw
An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests...
CVE-2022-22304
CVE-2022-22304 describes a cross-site scripting (XSS) vulnerability in FortiAuthenticator OWA Agent for Microsoft, affecting version 2.2 and 2.1. The issue arises from improper neutralization of input during web page generation (CWE-79), allowing an unauthenticated attacker to perform an XSS via ...
CVE-2022-23142
ZXEN CG200 has a DoS vulnerability. An attacker could construct and send a large number of HTTP GET requests in a short time, which can make the product management websites not accessible...
CVE-2022-23142
CVE-2022-23142 concerns ZXEN CG200 and describes a DoS vulnerability: an attacker can flood the device’s management interface with a large number of HTTP GET requests in a short time, causing the product management websites to become inaccessible. The affected device is ZTE ZXEN CG200 (versions a...