16597 matches found

Vulnrichment
added 2023/10/10 4:50 p.m. | 10 views

CVE-2023-34986

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters...

CVSS 8.8 | AI score 7.9 | EPSS 0.02087
Exploits: 0 | References: 1

Vulnrichment
added 2023/10/10 4:50 p.m. | 10 views

CVE-2023-34985

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters...

CVSS 8.8 | AI score 7.9 | EPSS 0.02087
Exploits: 0 | References: 1

Cvelist
added 2023/10/10 4:50 p.m. | 14 views

CVE-2023-34988

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters...

CVSS 8.8 | AI score 9.1 | EPSS 0.02087
Exploits: 0 | References: 1

Vulnrichment
added 2023/10/10 4:50 p.m. | 13 views

CVE-2023-34988

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters...

CVSS 8.8 | AI score 7.9 | EPSS 0.02087
Exploits: 0 | References: 1

NVD
added 2023/10/10 3:15 p.m. | 31 views

CVE-2023-30802

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field...

CVSS 5.3 | AI score 5.5 | EPSS 0.00646
Exploits: 1 | References: 3

Prion
added 2023/10/10 3:15 p.m. | 16 views

Code injection

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field...

CVSS 5 | AI score 5.6 | EPSS 0.00646
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2023/10/10 2:7 p.m. | 15 views

CVE-2023-30802 Sangfor Next-Gen Application Firewall Source Code Disclosure

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field...

CVSS 5.3 | AI score 5.8 | EPSS 0.00646
Exploits: 1 | References: 3

Vulnrichment
added 2023/10/10 2:7 p.m. | 12 views

CVE-2023-30802 Sangfor Next-Gen Application Firewall Source Code Disclosure

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field...

CVSS 5.3 | AI score 5.9 | EPSS 0.00646
Exploits: 1 | References: 3

F5 Networks
added 2023/10/10 10:40 a.m. | 16 views

K21800102: HTTP RFC enforcement is bypassed when a redirect iRule is applied to the virtual server

Security Advisory Description A specifically crafted HTTP request may bypass BIG-IP HTTP RFC enforcement and may lead the BIG-IP system to pass malformed HTTP requests to a target pool member web server. This issue occurs when all of the following conditions are met: A virtual server with an iRul...

AI score 6.8
Exploits: 0 | Affected Software: 13

Packet Storm
added 2023/10/10 12:0 a.m. | 306 views

Coppermine Gallery 1.6.25 Remote Code Execution

Exploit Title: coppermine-gallery 1.6.25 RCE Application: coppermine-gallery Version: v1.6.25 Bugs: RCE Technology: PHP Vendor URL: https://coppermine-gallery.net/ Software Link: https://github.com/coppermine-gallery/cpg1.6.x/archive/refs/tags/v1.6.25.zip Date of found: 05.09.2023 Author: Mirabba...

AI score 7.1
Exploits: 0

CVE
added 2023/10/09 12:3 p.m. | 45 views

CVE-2023-43697

The CVE-2023-43697 vulnerability affects the SICK APU RDT400 component, tied to MAID (Modification of Assumed-Immutable Data). An unprivileged, remote attacker can cause the site to fail loading necessary strings by changing file paths via HTTP requests, exposing a network-accessible impact with ...

CVSS 6.5 | AI score 6.4 | EPSS 0.00646
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2023/10/09 7:58 a.m. | 11 views

SUSE-SU-2023:4009-1 Security update for python-gevent

This update for python-gevent fixes the following issues: - CVE-2023-41419: Fixed a http request smuggling bsc1215469...

CVSS 9.8 | AI score 9.3 | EPSS 0.01334
Exploits: 1 | References: 3

0day.today
added 2023/10/09 12:0 a.m. | 304 views

Ruijie Reyee Mesh Router - MITM Remote Code Execution Exploit

Exploit Title: Ruijie Reyee Wireless Router firmware version B11P204 - MITM Remote Code Execution RCE Date: April 15, 2023 Exploit Author: Mochammad Riyan Firmansyah of SecLab Indonesia Vendor Homepage: https://ruijienetworks.com Software Link:...

AI score 7.4
Exploits: 0

Tenable Nessus
added 2023/10/09 12:0 a.m. | 45 views

RHEL 9 : nodejs (RHSA-2023:5533)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5533 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

CVSS 9.8 | AI score 7.1 | EPSS 0.03906
Exploits: 5 | References: 29

Exploit DB
added 2023/10/09 12:0 a.m. | 381 views

Ruijie Reyee Mesh Router - MITM Remote Code Execution (RCE)

Exploit Title: Ruijie Reyee Wireless Router firmware version B11P204 - MITM Remote Code Execution RCE Date: April 15, 2023 Exploit Author: Mochammad Riyan Firmansyah of SecLab Indonesia Vendor Homepage: https://ruijienetworks.com Software Link:...

AI score 7.4
Exploits: 0

NVD
added 2023/10/06 11:15 p.m. | 20 views

CVE-2023-44860

An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request...

CVSS 7.5 | AI score 7.4 | EPSS 0.19514
Exploits: 0 | References: 1

Prion
added 2023/10/06 11:15 p.m. | 16 views

Authorization

An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request...

CVSS 5 | AI score 7.3 | EPSS 0.19514
Exploits: 0 | References: 1 | Affected Software: 1

Veracode
added 2023/10/06 8:42 a.m. | 12 views

Improper Authorization

pretix is vulnerable to Improper Authorization. An attacker is able to exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable pretix instance. This request could contain a malicious X-Forwarded-For header that spoofs the attacker's IP address. If the pretix instanc...

CVSS 5.3 | AI score 6.7 | EPSS 0.00514
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2023/10/06 12:0 a.m. | 76 views

CVE-2023-44860

CVE-2023-44860 affects NETIS SYSTEMS N3Mv2 v1.0.1.865. A flaw in the authorization component of the HTTP request allows a remote attacker to cause a denial of service. Public details in connected sources confirm the DoS impact but do not provide exploit code or exact vectors beyond the HTTP-based...

CVSS 7.5 | AI score 7.3 | EPSS 0.19514
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/10/06 12:0 a.m. | 22 views

CVE-2023-44860

An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request...

AI score 7.5 | EPSS 0.19514
Exploits: 0 | References: 1