Fortinet FortiWeb Stack-based buffer overflows in API controllers (FG-IR-21-152)
The version of FortiWeb installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-152 advisory. - Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an...
Cilium Security Vulnerability
Cilium is an open source software from Cilium Open Source. It is used to provide and transparently secure network connectivity and load balancing between application workloads, such as application containers or processes. A security vulnerability exists in Cilium versions 1.15.0 through prior to...
PT-2024-29983 · Cilium · Cilium
Name of the Vulnerable Software and Affected Versions: Cilium versions 1.15.x through 1.15.7 Cilium version 1.16.0 Description: The issue arises from incorrect propagation of ReferenceGrant changes in Cilium's GatewayAPI controller. This could lead to Gateway resources accessing secrets for longe...
Fortinet FortiWeb Path traversal in API controller (FG-IR-22-251)
The version of FortiWeb installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-251 advisory. - A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb...
CVE-2023-34602
JeecgBoot up to v3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController...
PT-2023-24944 · Unknown · Jeecg-Boot
Name of the Vulnerable Software and Affected Versions: JeecgBoot versions up to 3.5.1 Description: The issue is a SQL injection vulnerability. It occurs via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController. Recommendations: For JeecgBoot versions up ...
PT-2023-24945 · Unknown · Jeecg-Boot
Name of the Vulnerable Software and Affected Versions: JeecgBoot versions up to 3.5.1 Description: A SQL injection issue was discovered in JeecgBoot via the queryFilterTableDictInfo component at org.jeecg.modules.api.controller.SystemApiController. This allows for potential SQL injection attacks...
IBOS SQL Injection Vulnerability
IBOS is a collaborative office management system. An SQL injection vulnerability exists in IBOS version 4.5.5, which stems from a problem with a function in the file ApiController.php, where manipulation of the parameter emailids can lead to SQL injection...
shiziyu SQL Injection Vulnerability
shiziyu Lionfish CMS is a community group-buying website platform from Lionfish CMS (shiziyu). shiziyu CMS has a SQL injection vulnerability that originates from a security issue in the function goodsdetail in the file ApiController.class.php, which leads to SQL injection via the parameter goodsid...
CVE-2022-4564
A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to...
Cross site request forgery (csrf)
A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to...
CVE-2022-4564 University of Central Florida Materia API Controller api.php before cross-site request forgery
A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to...
CVE-2022-4564
The CVE affects University of Central Florida Materia up to version 9.0.0, impacting the API Controller’s fuel/app/classes/controller/api.php, where the before function enables cross-site request forgery. Remote initiation is possible. Remediation is upgrading to 9.0.1-alpha1; the patch is af2591...
CVE-2022-3710
A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA...
CVE-2022-3710
Sophos Firewall (pre-19.5 GA) is affected by a post-auth, read‑only SQL injection in the API controller that enables API clients to read non‑sensitive configuration data from the configuration database. The vulnerability’s exploit is described as read access without altering data (impact: confide...
Zyxel Issues Patches for 4 New Flaws Affecting AP, API Controller, and Firewall Devices
Zyxel has released patches to address four security flaws affecting its firewall, AP Controller, and AP products that could be exploited to execute arbitrary operating system commands and steal select information. The list of security vulnerabilities is as follows - CVE-2022-0734 - A cross-site scripting XSS...
Fortinet FortiWeb Buffer Overflow Vulnerability (CNVD-2021-99680)
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure web applications and protect sensitive database content. A buffer overflow vulnerability exists, whi...
CVE-2021-43071
A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller...