14 matches found
EUVD-2023-29549
Malicious code in bioql PyPI...
Fortinet FortiWeb Arbitrary file read through command line pipe (FG-IR-21-218)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-218 advisory. - An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter o...
CVE-2023-36634
An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially...
Design/Logic Flaw
An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially...
Design/Logic Flaw
An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all...
CVE-2023-36634
An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially...
CVE-2023-36634
An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially...
CVE-2022-22297
An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder...
Design/Logic Flaw
An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder...
CVE-2022-22297
An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder...
CVE-2022-22297
CVE-2022-22297 affects Fortinet FortiWeb and FortiRecorder with an incomplete filtering issue (CWE-792) in the command line interpreter, enabling an authenticated user to read arbitrary files via crafted command arguments. Affected: FortiWeb versions 6.0–6.4.1 and FortiRecorder versions 2.7–6.4.3...
CVE-2022-22297
An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder...
FortiWeb and FortiRecorder - Arbitrary file read through command line pipe
An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiRecorder and FortiWeb may allow an authenticated user to read arbitrary files via specially crafted command arguments...
unitedcraneandrigging.com Cross Site Scripting vulnerability OBB-1208289
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...