16 matches found
FortiLogger 4.4.2.2 - Arbitrary File Upload
FortiLogger 4.4.2.2 is affected by arbitrary file upload issues. Attackers can send a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then Assets/temp/hotspot/img/logohotspot.asp. id: CVE-2021-3378 info: name: FortiLogger 4.4.2.2 - Arbitrary File Upload author:...
CVE-2021-3378
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp...
FortiLogger Arbitrary File Upload (CVE-2021-3378)
An arbitrary file upload vulnerability exists in FortiLogger. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Metasploit Wrap-Up
ProxyLogon More Microsoft news this week! Firstly, a big thank you to community contributors GreyOrder, Orange Tsai, and mekhalleh RAMELLA Sébastien, who added three new modules that allow an attacker to bypass authentication and impersonate an administrative user CVE-2021-26855 on vulnerable...
FortiLogger Arbitrary File Upload Exploit
This module exploits an unauthenticated arbitrary file upload via insecure POST request. It has been tested on versions use exploit/windows/http/fortiloggerarbitraryfileupload msf exploitfortiloggerarbitraryfileupload show targets ...targets... msf exploitfortiloggerarbitraryfileupload set TARGET...
FortiLogger Arbitrary File Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FortiLogger Arbitrary File Upload Exploit', 'Description' = %q This module exploits an unauthenticated arbitrary file upload via insecure POST...
FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FortiLogger Arbitrary File Upload Exploit', 'Description' = %q This module exploits an unauthenticated arbitrary file upload via insecure POST...
FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FortiLogger Arbitrary File Upload Exploit', 'Description' = %q This module exploits an unauthenticated arbitrary file upload via insecure POST...
FortiLogger 4.4.2.2 Arbitrary File Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FortiLogger Arbitrary File Upload Exploit', 'Description' = %q This module exploits an unauthenticated arbitrary file upload via insecure POST...
CVE-2021-3378
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp...
CVE-2021-3378
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp...
Design/Logic Flaw
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp...
CVE-2021-3378
FortiLogger 4.4.2.2 is affected by an Arbitrary File Upload vulnerability. Attackers can trigger it by sending a Content-Type: image/png header to Config/SaveUploadedHotspotLogoFile, then access Assets/temp/hotspot/img/logohotspot.asp. The issue enables unauthenticated arbitrary file upload with ...
CVE-2021-3378
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp...
RZK Fortilogger Code Issue Vulnerability
RZK Fortilogger is a system from RZK Turkey that provides instant status tracking, logging, searching/filtering, reporting, and hotspotting for the FortiGate firewall on Windows systems. A security vulnerability exists in FortiLogger 4.4.2.2, which originates from being affected by arbitrary file...
Exploit for Unrestricted Upload of File with Dangerous Type in Fortilogger
CVE-2021-3378 | FortiLogger - Unauthenticated Arbitrary File...