Fortinet FortiAnalyzer Data Forgery Issue Vulnerability

Fortinet FortiAnalyzer is a set of centralized network security reporting solutions from the U.S. company Fiat Fortinet. The product is mainly used to collect network log data, and through the reporting suite of security events in the log, network traffic, Web content, etc. to analyze, report,...

Design/Logic Flaw

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service DoS. PTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 wit...

CVE-2023-42782

A insufficient verification of data authenticity vulnerability CWE-345 in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number...

CVE-2023-42782

A insufficient verification of data authenticity vulnerability CWE-345 in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number...

Authorization

A insufficient verification of data authenticity vulnerability CWE-345 in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number...

CVE-2023-42782

FortiAnalyzer CVE-2023-42782 is an insufficent verification of data authenticity (CWE-345) affecting FortiAnalyzer 7.4.0 and below 7.2.3. An unauthenticated remote attacker could send forged messages to FortiAnalyzer’s syslog server by exploiting knowledge of an authorized device serial number. S...

Fortinet FortiAnalyzer 数据伪造问题漏洞

Fortinet FortiAnalyzer is a set of centralized network security reporting solutions from the U.S. company Fiat Fortinet. The product is mainly used to collect network log data, and through the reporting suite of security events in the log, network traffic, Web content, etc. to analyze, report,...

PT-2023-5996 · Fortinet · Fortianalyzer

Name of the Vulnerable Software and Affected Versions: FortiAnalyzer versions 7.4.0 and below 7.2.3 Description: The issue is related to insufficient verification of data authenticity, allowing a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via knowledge ...

CVE-2023-0828

Cross-site Scripting XSS vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms...

CVE-2023-0828

Cross-site Scripting XSS vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms...

Cross site scripting

Cross-site Scripting XSS vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms...

CVE-2023-0828 Stored Cross Site Scripting in syslog section

Cross-site Scripting XSS vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms...

CVE-2023-0828 Stored Cross Site Scripting in syslog section

Cross-site Scripting XSS vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms...

CVE-2023-0828

CVE-2023-0828 is a Cross-site Scripting (XSS) vulnerability in the Syslog section of Pandora FMS that can cause a user’s cookie value to be transferred to an attacker’s server. Affected: Pandora FMS version 7.67 (7.67) and earlier on all platforms. Root cause: XSS in the Syslog UI. Impact: creden...

PT-2023-16553 · Unknown · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS version 7.67 and prior versions Description: A Cross-site Scripting XSS issue in the Syslog Section of Pandora FMS allows an attacker to transfer a user's cookie value to the attacker's server. Recommendations: For Pandora FMS...

[NetScaler-Syslog] HA Secondary node Cannot Transmit Syslog Messages in TCP

NetScaler supports report syslog messages to an external syslog server. But in HA deployment, you may observe the issue that: HA Secondary node doesn't send syslog messages while Primary is good if "Transport Type" is TCP. Configuring it to UDP has no issue...

Important Photon OS Security Update - PHSA-2023-5.0-0093

Updates of 'openvswitch', 'apache-tomcat', 'redis', 'syslog-ng', 'python3' packages of Photon OS have been released...

syslog configuration on NetScaler only sends var/log/ns.log to outside syslog server.

...

SonicWALL GMS Virtual Appliance Syslog Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SonicWALL GMS Virtual Appliance. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

Webmin 跨站脚本漏洞

Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community. A security vulnerability exists in Webmin version 2.021 that stems from a stored cross-site scripting XSS vulnerability discovered in the syslog viewer feature. The vulnerability...