5908 matches found
CVE-2024-23667
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI...
CVE-2024-23668
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI...
CVE-2024-23670
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI...
CVE-2024-23670
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI...
CVE-2023-48789
A client-side enforcement of server-side security in Fortinet FortiPortal version 6.0.0 through 6.0.14 allows attacker to improper access control via crafted HTTP requests...
CVE-2023-48789
A client-side enforcement of server-side security in Fortinet FortiPortal version 6.0.0 through 6.0.14 allows attacker to improper access control via crafted HTTP requests...
RHEL 5 : libxml2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libxml2: Use after free via namespace node in XPointer ranges CVE-2016-4658 - libxml2: Missing validation...
Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure
Exploit Title: Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure Date: 09/08/2021 Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: Wipro Holmes Orchestrator v20.4.1 Tested on: Windows CVE : CVE-2021-38283 import requests as rq import argparse...
CVE-2024-35341
Certain Anpviz products allow unauthenticated users to download the running configuration of the device via a HTTP GET request to /ConfigFile.ini or /config.xml URIs. This configuration file contains usernames and encrypted passwords encrypted with a hardcoded key common to all devices. This...
Information Disclosure
github.com/huandu/facebook is vulnerable to an Information Disclosure vulnerability. The vulnerability is due to the accesstoken being exposed in error messages upon failing HTTP requests, which could allow an attacker with log access to obtain sensitive access tokens by exploiting error messages...
CVE-2021-47544
In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root cause is quite similar...
CVE-2021-47544
In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root cause is quite similar...
CVE-2021-47544 tcp: fix page frag corruption on page fault
In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root cause is quite similar...
CVE-2021-47544
CVE-2021-47544 affects the Linux kernel TCP path, specifically the page frag allocation in sk_page_frag() during a page fault on an mmapped user buffer from CIFS. The nested memory access triggers page-frag modifications that corrupt the TCP stream, observed in HTTP transfers served by Apache ove...
golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests
A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body up to 1GiB, causing the receiver to fail reading the response, possibly leading to a Denial of Servic...
golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests
A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body up to 1GiB, causing the receiver to fail reading the response, possibly leading to a Denial of Servic...
Fortinet FortiWeb - Multiple OS command injection (FG-IR-22-133)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-133 advisory. - Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in...
Fortinet Fortigate Web server ETag exposure (FG-IR-23-224)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-224 advisory. - An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through...
Fortinet Fortigate Format String Bug in cli command (FG-IR-23-137)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-23-137 advisory. - A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through...
RHEL 8 : Red Hat OpenStack Platform 17.1 (collectd-sensubility) (RHSA-2024:2767)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2767 advisory. This project provides the possibility to switch from the Sensu-based availability monitoring solution to a monitoring solution based on...