52 matches found

CNVD
added 2021/12/14 12:0 a.m. | 25 views

Fortinet FortiWeb Cross-Site Scripting Vulnerability (CNVD-2021-101133)

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. Versions 6.4.1 and earlier and 6.3.15 and...

CVSS 6.1 | AI score 0.5 | EPSS 0.00823
Exploits 0 | References 1
OSV
added 2021/12/08 5:15 p.m. | 3 views

CVE-2021-36188

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an attacker to execute unauthorized code or commands via crafted GET parameters in requests to login and error handlers...

CVSS 6.1 | AI score 5.9 | EPSS 0.00652
Exploits 0 | References 1
OSV
added 2021/12/08 1:15 p.m. | 3 views

CVE-2021-41015

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to SAML login handler...

CVSS 6.1 | AI score 5.9 | EPSS 0.00823
Exploits 0 | References 1
NVD
added 2021/12/08 1:15 p.m. | 22 views

CVE-2021-41015

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to SAML login handler...

CVSS 6.1 | EPSS 0.00823
Exploits 0 | References 1
Cvelist
added 2021/12/08 12:39 p.m. | 24 views

CVE-2021-41015

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to SAML login handler...

CVSS 6.1 | AI score 6.8 | EPSS 0.00823
Exploits 0 | References 1
CNNVD
added 2021/12/08 12:0 a.m. | 2 views

Fortinet FortiWeb Cross-Site Scripting Vulnerability

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. Versions 6.4.1 and earlier and 6.3.15 and...

CVSS 6.1 | AI score 5.7 | EPSS 0.00823
Exploits 0 | References 2
Fortinet
added 2021/12/07 12:0 a.m. | 29 views

FortiWeb - Reflected cross-site scripting vulnerability in login handler

An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiWeb may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests to the login webpage...

CVSS 4.3 | AI score 0.9 | EPSS 0.00885
Exploits 0 | Affected Software 1
ICS
added 2021/01/26 12:0 a.m. | 48 views

All Bachmann M1 System Processor Modules

1. EXECUTIVE SUMMARY: CVSS v3 7.2; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Bachmann Electronic, GmbH; Equipment: All M-Base Controllers; Vulnerability: Use of Password Hash with Insufficient Computational Effort. 2. REPOSTED INFORMATION: This updated advisory is a follow-up to...

CVSS 8.8 | AI score 8.5 | EPSS 0.00784
Exploits 0 | References 4
OSV
added 2020/03/23 3:15 p.m. | 1 views

CVE-2016-11022

NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to loginhandler.php...

CVSS 7.2 | AI score 5.9 | EPSS 0.03178
Exploits 1 | References 3
CNVD
added 2018/07/16 12:0 a.m. | 2 views

MODX Revolution Directory Traversal Vulnerability (CNVD-2018-17478)

MODX Revolution is a collection of easy-to-use content management systems (CMS) and application frameworks. A directory traversal vulnerability exists in /core/model/modx/modmanagerrequest.class.php in MODX Revolution 2.6.4 and earlier versions. An attacker can exploit the vulnerability by deleting...

CVSS 7.5 | AI score 7.5 | EPSS 0.01923
Exploits 1 | References 1
Prion
added 2017/04/22 10:59 p.m. | 17 views

Design/Logic Flaw

WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this...

CVSS 5 | AI score 5.3 | EPSS 0.01591
Exploits 1 | References 4 | Affected Software 1
Cvelist
added 2017/04/22 10:0 p.m. | 22 views

CVE-2017-8055

WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this...

AI score 5.3 | EPSS 0.01591
Exploits 1 | References 4