13 matches found
CVE-2023-30803
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for header...
CVE-2023-30802
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field...
The vulnerability of the Sangfor NGAF firewall lies in the lack of protection for service data, allowing attackers to obtain the original PHP code.
The vulnerability of the Sangfor NGAF firewall lies in the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain the original PHP code by sending a specially crafted HTTP request with an invalid Content-Length field...
The vulnerability of the Sangfor NGAF firewall lies in its ability to bypass the authentication mechanism, allowing attackers to circumvent the authentication process.
The vulnerability of the Sangfor NGAF firewall lies in its ability to bypass the authentication mechanism. Exploiting this vulnerability allows a malicious actor to circumvent the authentication process by using specially crafted HTTP requests and a specially created Y-forwarded-for header...
The vulnerability of the /LogInOut.php file in the Sangfor NGAF firewall allows a hacker to execute arbitrary code.
The vulnerability of the /LogInOut.php file in the Sangfor NGAF firewall lies in the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted HTTP POST request remotely...
The vulnerability of the svpn_html/loadfile.php component of the Sangfor NAF firewall tool, which allows a hacker to disclose protected information
The vulnerability of the svpnhtml/loadfile.php component of the Sangfor NAF firewall lies in the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
The vulnerability of the cgi-bin/login.cgi file within the Sangfor NGAF firewall allows a hacker to execute arbitrary code.
The vulnerability of the cgi-bin/login.cgi file, exposed by the Sangfor NGAF firewall mechanism, is related to errors in processing the meta-symbolic cookie file in the PHPSESSID parameter. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially...
CVE-2023-30804
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpnhtml/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated...
CVE-2023-30806
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to...
CVE-2023-30802
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field...
Sangfor Next-Gen Application Firewall Security Vulnerabilities
Sangfor Next-Gen Application Firewall Sangfor NGAF is an application firewall from China-based Sangfor. A security vulnerability exists in Sangfor Next-Gen Application Firewall NGAF version 8.0.17, which originates from a source code disclosure issue. The vulnerability can be exploited to obtain...
Sangfor Next-Gen Application Firewall Security Vulnerabilities
Sangfor Next-Gen Application Firewall Sangfor NGAF is an application firewall from China-based Sangfor. A security vulnerability exists in Sangfor Next-Gen Application Firewall NGAF version 8.0.17, which exploits a vulnerability that could allow an unauthenticated attacker to bypass authenticatio...
Sangfor Next-Gen Application Firewall Operating System Command Injection Vulnerability
Sangfor Next-Gen Application Firewall Sangfor NGAF is an application firewall from China-based Sangfor. A security vulnerability exists in Sangfor Next-Gen Application Firewall NGAF version 8.0.17, which originates from an operating system command injection vulnerability. The vulnerability can be...