198 matches found
Fortinet FortiNAC Cross-Site Scripting Vulnerability (CNVD-2024-13094)
Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fita Fortinet. The product is mainly used for network access control and IoT security. Fortinet FortiNAC has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of...
GHSA-Q3GG-M8HR-H4X4 Externally Controlled Format String in Scripting Functions
The rquickjs crate used by SurrealDB implements Rust bindings to the QuickJS C library and is used to execute SurrealDB scripting functions. The rquickjs function Exception::throwtype takes a string and returns an error object. Prior to version 0.4.2 of the crate, this string would be fed directl...
Fortinet FortiNAC 跨站脚本漏洞
Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fita Fortinet. The product is mainly used for network access control and IoT security. Fortinet FortiNAC has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of...
Exploitation of Unitronics PLCs used in Water and Wastewater Systems
CISA is responding to active exploitationlink is external of Unitronics programmable logic controllers PLCs used in the Water and Wastewater Systems WWS Sector. Cyber threat actors are targeting PLCs associated with WWS facilities, including an identified Unitronics PLC, at a U.S. water facility...
Rocky Linux 8 : redis:5 (RLSA-2021:3918)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3918 advisory. - Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the...
CVE-2023-45239
A lack of input validation exists in tacplus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tacplus to inject shell commands and gain remote code execution on the tacplus server...
Electron_Shell - Developing A More Covert Remote Access Trojan (RAT) Tool By Leveraging Electron's Features For Command Injection And Combining It With Remote Control Methods
Electronshell Developing a more covert Remote Access Trojan RAT tool by leveraging Electron's features for command injection and combining it with remote control methods. Read More: AOH 024探索将Shell寄生于Electron程序的自动化实现 Features Supports almost all operating systems mac linux windows Supports almost...
CVE-2023-34469
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the physical network. A successful exploit of this vulnerability may lead to a loss of confidentiality...
CVE-2023-37491 Improper Authorization check vulnerability in SAP Message Server
The ACL Access Control List of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the...
PenTales: A Badge, a Tag, and a Bunch of Unattended Chemicals; Why Physical Social Engineering Engagements are an Important Part of Security
At Rapid7 we love a good pen test story. So often they show the cleverness, skill, resilience, and dedication to our customer’s security that can only come from actively trying to break it! In this series, we’re going to share some of our favorite tales from the pen test desk and hopefully...
The vulnerability of the Fortinet FortiNAC network access control mechanism, related to deficiencies in access control, allows a intruder to perform unauthorized calls via JSP.
The vulnerability of the Fortinet FortiNAC network access control mechanism is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to perform unauthorized calls...
The vulnerability of the network access control device Fortinet FortiNAC, related to deficiencies in the deserialization mechanism, allows a perpetrator to execute arbitrary code or perform arbitrary commands.
The vulnerability of the Fortinet FortiNAC network access control device is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code or perform arbitrary commands...
PT-2023-22218 · Bosch · Bosch Building Integration System
Name of the Vulnerable Software and Affected Versions: Bosch Building Integration System BIS version 5.0 Description: The issue is related to improper information in the cybersecurity guidebook of the Bosch Building Integration System, which may lead to incorrect configuration. This incorrect...
The vulnerability of the Fortinet FortiNAC network access control mechanism lies in the lack of protection for service data, which allows attackers to exploit this weakness to disclose protected information.
The vulnerability of the Fortinet FortiNAC network access control device is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
Fortinet FortiNAC 授权问题漏洞
Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fita Fortinet. The product is primarily used for network access control and IoT security. A security vulnerability exists in Fortinet FortiNAC that stems from a weak authentication vulnerability in the device...
Fortinet FortiNAC 安全漏洞
Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fita Fortinet. The product is primarily used for network access control and IoT security. A security vulnerability exists in Fortinet FortiNAC that stems from insufficiently protected credentials...
Fortinet FortiNAC 加密问题漏洞
Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fita Fortinet. The product is primarily used for network access control and IoT security. A security vulnerability exists in Fortinet FortiNAC that stems from the use of a weak encryption algorithm vulnerability...
Fortinet FortiNAC 输入验证错误漏洞
Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fita Fortinet. The product is primarily used for network access control and IoT security. A security vulnerability exists in Fortinet FortiNAC that stems from the presence of an open redirection vulnerability...
Fortinet FortiNAC Information Disclosure Vulnerability
Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fita Fortinet. The product is mainly used for network access control and IoT security. Fortinet FortiNAC information leakage vulnerability, the vulnerability stems from the application for sensitive information...
FortiNAC keyUpload.jsp command execution
Added: 02/24/2023 Background FortiNAC is a network access control solution. Problem A vulnerability in the keyUpload.jsp resource allows remote attackers to write arbitrary files by uploading a specially crafted zip file, leading to command execution. Resolution Upgrade to FortiNAC 7.2.0, 9.1.8,...