Lucene search
K

198 matches found

CNVD
CNVD
added 2024/03/01 12:0 a.m.8 views

Fortinet FortiNAC Cross-Site Scripting Vulnerability (CNVD-2024-13094)

Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fita Fortinet. The product is mainly used for network access control and IoT security. Fortinet FortiNAC has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of...

6.8CVSS6.4AI score0.00472EPSS
Exploits0References1
OSV
OSV
added 2024/02/21 12:4 a.m.9 views

GHSA-Q3GG-M8HR-H4X4 Externally Controlled Format String in Scripting Functions

The rquickjs crate used by SurrealDB implements Rust bindings to the QuickJS C library and is used to execute SurrealDB scripting functions. The rquickjs function Exception::throwtype takes a string and returns an error object. Prior to version 0.4.2 of the crate, this string would be fed directl...

8.5CVSS8AI score
Exploits0References4
CNNVD
CNNVD
added 2024/02/15 12:0 a.m.6 views

Fortinet FortiNAC 跨站脚本漏洞

Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fita Fortinet. The product is mainly used for network access control and IoT security. Fortinet FortiNAC has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of...

6.8CVSS6.5AI score0.00472EPSS
Exploits0References2
CISA
CISA
added 2023/11/28 12:0 p.m.57 views

Exploitation of Unitronics PLCs used in Water and Wastewater Systems

CISA is responding to active exploitationlink is external of Unitronics programmable logic controllers PLCs used in the Water and Wastewater Systems WWS Sector. Cyber threat actors are targeting PLCs associated with WWS facilities, including an identified Unitronics PLC, at a U.S. water facility...

9.8CVSS9.5AI score0.02089EPSS
In wildExploits0References13
Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.35 views

Rocky Linux 8 : redis:5 (RLSA-2021:3918)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3918 advisory. - Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the...

8.8CVSS7.2AI score0.1578EPSS
Exploits0References13
OSV
OSV
added 2023/10/06 6:15 p.m.4 views

CVE-2023-45239

A lack of input validation exists in tacplus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tacplus to inject shell commands and gain remote code execution on the tacplus server...

9.8CVSS6.4AI score0.01813EPSS
Exploits1References3
Kitploit
Kitploit
added 2023/09/30 11:30 a.m.37 views

Electron_Shell - Developing A More Covert Remote Access Trojan (RAT) Tool By Leveraging Electron's Features For Command Injection And Combining It With Remote Control Methods

Electronshell Developing a more covert Remote Access Trojan RAT tool by leveraging Electron's features for command injection and combining it with remote control methods. Read More: AOH 024探索将Shell寄生于Electron程序的自动化实现 Features Supports almost all operating systems mac linux windows Supports almost...

8.3AI score
Exploits0References2
NVD
NVD
added 2023/09/12 4:15 p.m.39 views

CVE-2023-34469

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the physical network. A successful exploit of this vulnerability may lead to a loss of confidentiality...

4.9CVSS4.9AI score0.00216EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/08/08 12:46 a.m.10 views

CVE-2023-37491 Improper Authorization check vulnerability in SAP Message Server

The ACL Access Control List of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the...

7.5CVSS6.6AI score0.0044EPSS
Exploits0References2
Rapid7 Blog
Rapid7 Blog
added 2023/08/03 6:38 p.m.10 views

PenTales: A Badge, a Tag, and a Bunch of Unattended Chemicals; Why Physical Social Engineering Engagements are an Important Part of Security

At Rapid7 we love a good pen test story. So often they show the cleverness, skill, resilience, and dedication to our customer’s security that can only come from actively trying to break it! In this series, we’re going to share some of our favorite tales from the pen test desk and hopefully...

6.9AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/07/26 12:0 a.m.6 views

The vulnerability of the Fortinet FortiNAC network access control mechanism, related to deficiencies in access control, allows a intruder to perform unauthorized calls via JSP.

The vulnerability of the Fortinet FortiNAC network access control mechanism is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to perform unauthorized calls...

8CVSS7.1AI score0.00717EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.10 views

The vulnerability of the network access control device Fortinet FortiNAC, related to deficiencies in the deserialization mechanism, allows a perpetrator to execute arbitrary code or perform arbitrary commands.

The vulnerability of the Fortinet FortiNAC network access control device is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code or perform arbitrary commands...

10CVSS8.6AI score0.24296EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/30 12:0 a.m.4 views

PT-2023-22218 · Bosch · Bosch Building Integration System

Name of the Vulnerable Software and Affected Versions: Bosch Building Integration System BIS version 5.0 Description: The issue is related to improper information in the cybersecurity guidebook of the Bosch Building Integration System, which may lead to incorrect configuration. This incorrect...

8.1CVSS6.5AI score0.00362EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/05/04 12:0 a.m.7 views

The vulnerability of the Fortinet FortiNAC network access control mechanism lies in the lack of protection for service data, which allows attackers to exploit this weakness to disclose protected information.

The vulnerability of the Fortinet FortiNAC network access control device is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...

5.3CVSS7.1AI score0.00593EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/05/03 12:0 a.m.5 views

Fortinet FortiNAC 授权问题漏洞

Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fita Fortinet. The product is primarily used for network access control and IoT security. A security vulnerability exists in Fortinet FortiNAC that stems from a weak authentication vulnerability in the device...

7.5CVSS7.3AI score0.00488EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/03 12:0 a.m.6 views

Fortinet FortiNAC 安全漏洞

Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fita Fortinet. The product is primarily used for network access control and IoT security. A security vulnerability exists in Fortinet FortiNAC that stems from insufficiently protected credentials...

4.4CVSS5AI score0.00143EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/03 12:0 a.m.5 views

Fortinet FortiNAC 加密问题漏洞

Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fita Fortinet. The product is primarily used for network access control and IoT security. A security vulnerability exists in Fortinet FortiNAC that stems from the use of a weak encryption algorithm vulnerability...

7.4CVSS7.3AI score0.00204EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/05/03 12:0 a.m.7 views

Fortinet FortiNAC 输入验证错误漏洞

Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fita Fortinet. The product is primarily used for network access control and IoT security. A security vulnerability exists in Fortinet FortiNAC that stems from the presence of an open redirection vulnerability...

4.7CVSS5AI score0.00422EPSS
Exploits0References2
CNVD
CNVD
added 2023/04/18 12:0 a.m.10 views

Fortinet FortiNAC Information Disclosure Vulnerability

Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fita Fortinet. The product is mainly used for network access control and IoT security. Fortinet FortiNAC information leakage vulnerability, the vulnerability stems from the application for sensitive information...

7.5CVSS6.4AI score0.00593EPSS
Exploits0References1
Saint
Saint
added 2023/02/24 12:0 a.m.137 views

FortiNAC keyUpload.jsp command execution

Added: 02/24/2023 Background FortiNAC is a network access control solution. Problem A vulnerability in the keyUpload.jsp resource allows remote attackers to write arbitrary files by uploading a specially crafted zip file, leading to command execution. Resolution Upgrade to FortiNAC 7.2.0, 9.1.8,...

9.8CVSS9.9AI score0.99815EPSS
Exploits7
Rows per page
Query Builder