CVE-2024-36509
FortiWeb exposes encrypted administrator passwords via the Log Access Event logs page. Affects FortiWeb versions 6.3.23 and below, 7.0.10 and below, 7.2.10 and below, 7.4.3 and below, and 7.6.0. The root cause is exposure of sensitive system information to an unauthorized control sphere. Exploita...
CVE-2024-6388
Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext...
CVE-2023-50180
An exposure of sensitive system information to an unauthorized control sphere vulnerability (CWE-497) in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other...
CVE-2023-50180
FortiADC (Fortinet) is affected by CVE-2023-50180, where sensitive system information can be exposed to unauthorized control domains. A read-only administrator may view data pertaining to other administrators in versions 7.4.1 and below, 7.2.3 and below, 7.1.4 and below, 7.0.5 and below, and 6.2....
Design/Logic Flaw
An exposure of sensitive system information to an unauthorized control sphere vulnerability (CWE-497) in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low-privileged authenticated user to gain access to the FortiGate users' credentials via the config conflict file...
CVE-2022-22303
An exposure of sensitive system information to an unauthorized control sphere vulnerability (CWE-497) in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low-privileged authenticated user to gain access to the FortiGate users' credentials via the config conflict file...
CVE-2022-22303
CVE-2022-22303 affects FortiManager: an access-control weakness can allow a low-privileged authenticated user to obtain FortiGate user credentials via the config conflict file. Affected products/versions: FortiManager before 7.0.2, 6.4.7 and 6.2.9. Root cause: exposure of sensitive information in...
Core Security Technologies Advisory 2009.0625
Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities 1. Advisory Information Title: Internet Explorer Dynamic OBJECT tag and URLMON sniffing...