CVE-2021-26096
Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments...
Heap overflow
Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments...
CVE-2021-26096
Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments...
CVE-2021-26096
Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments...
CVE-2021-26096
CVE-2021-26096 affects Fortinet FortiSandbox prior to 4.0.0, with multiple heap-based buffer overflow instances in the FortiSandbox command shell. An authenticated attacker can craft specific command-line arguments to manipulate memory and alter contents. The vulnerability is documented across mu...
FortiSandbox - Multiple heap corruption vulnerabilities in command shell
Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments...
CVE-2020-29014
A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands...
CVE-2020-29014
A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands...
Race condition
A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands...
CVE-2020-29014
A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands...
CVE-2020-29014
A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands...
CVE-2020-29014
FortiSandbox (Fortinet) command shell exhibits a race condition arising from improper synchronization on a shared resource. The issue exists before version 3.2.2 and can allow an authenticated attacker to bring the system into an unresponsive state through specifically orchestrated command sequen...
FortiSandbox - Race condition vulnerability in command shell
A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands...
Metasploit Wrap-Up
Nagios modules Community member Erik Wynter has contributed two more Nagios XI modules this week, on top of the previous week’s contributions! If you’ve noticed Nagios XI 5.6.0 to 5.7.5 running within your target’s infrastructure during a pen test, be sure to check both these new modules out as...
IBM Connect:Direct for UNIX License Issue Vulnerability
IBM Connect:Direct for UNIX is a point-to-point software tool from IBM (United States) that supports multi-platform transfer of data. The software supports z/OS, VSE, AS/400, UNIX (IBM, SUN, HP, etc.), Linux, Windows and other 18 platforms, in addition to providing C, C++, JAVA,...
MGASA-2020-0400 Updated webmin package fixes security vulnerabilities
An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed (CVE-2020-8820). An...
Phishing Emails Used to Deploy KONNI Malware
Summary: This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. The Cybersecurity and Infrastructure Security Agency (CISA) has observed cyber actors using emails containi...
Webmin <= 1.941 Multiple XSS Vulnerabilities
Webmin is prone to multiple cross-site scripting vulnerabilities. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
CVE-2020-8821
An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered; however, JavaScript is...
Input validation
An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered; however, JavaScript is...