5908 matches found
CVE-2024-45327
FortiSOAR is affected by an improper authorization vulnerability (CWE-285) in the change password endpoint, enabling an authenticated attacker to perform brute force attacks on user and administrator passwords. Affected FortiSOAR versions are 7.0.0–7.0.3, 7.2.0–7.2.2, 7.3.0–7.3.2, and 7.4.0–7.4.3...
CVE-2024-45327
An improper authorization vulnerability CWE-285 in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTT...
Denial Of Service (DoS)
Keycloak is vulnerable to a Denial of Service DoS. The vulnerability is due to a lack of limits on the number of attributes per object, allowing an attacker to send repeated HTTP requests that cause resource exhaustion when the application returns rows with long attribute values...
Keycloak Denial of Service vulnerability
A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited, an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values. The issue is fixed in Keycloak 24 with...
GHSA-W97F-W3HQ-36G2 Keycloak Denial of Service vulnerability
A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited, an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values. The issue is fixed in Keycloak 24 with...
CVE-2023-6841
A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values...
CVE-2023-6841
A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values...
CVE-2023-6841
A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values. Mitigation This CVE is mitigated by the...
CVE-2024-21753
A improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows attacker to perform a denial of service, read or...
CVE-2024-21753
A improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows attacker to perform a denial of service, read or...
CVE-2024-21753
A improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows attacker to perform a denial of service, read or...
Ubuntu: Security Advisory (USN-6988-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-45170
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found out that different functions are only available to administrative users. However, acces...
CVE-2024-20440
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected...
CVE-2024-45170
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found out that different functions are only available to administrative users. However, acces...
CVE-2024-45170
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found out that different functions are only available to administrative users. However, acces...
CVE-2024-45170
CVE-2024-45170 affects za-internet C-MOR Video Surveillance 5.2401. The issue is improper or missing access control: low-privileged users can invoke administrative functions via the web interface by sending HTTP requests, because server-side checks are absent though the UI restricts the features....
ManageEngine DeviceExpert 5.6 ScheduleResultViewer FileName Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine DeviceExpert 5.6 ScheduleResultViewer FileName Traversal', 'Description' = %q This module exploits a directory traversal vulnerabili...
SAP Solution Manager Remote Unauthorized OS Commands Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP Solution Manager remote unauthorized OS commands execution', 'License' = MSFLICENSE, 'Author' = 'Yvan Genuer', @1ggy The researcher who...
FortiOS Path Traversal Credential Gatherer
frozenstringliteral: true This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FortiOS Path Traversal Credential Gatherer', 'Description' = %q Fortinet FortiOS versions 5.4.6 to 5.4.12, 5.6.3 to 5.6...