5909 matches found
CVE-2024-2217
CVE-2024-2217 concerns improper access control in gaizhenbiao/chuanhuchatgpt, allowing unauthorized access to the config.json file in both authenticated and unauthenticated versions. The flaw enables retrieval of sensitive data such as OpenAI/Google/XMChat API keys, configuration details, and use...
CVE-2024-2217 Improper Access Control in gaizhenbiao/chuanhuchatgpt
gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the config.json file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys...
CVE-2023-40148
CVE-2023-40148 is a PingFederate SSRF vulnerability. The issue: an unauthenticated attacker can make forged HTTP POST requests to trigger server-side requests, potentially reaching internal network resources and consuming server-side resources. Documents identify PingFederate as affected; root ca...
CVE-2024-31487
A improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions,...
CVE-2024-23671
A improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests...
CVE-2024-23662
An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows attacker to information disclosure via HTTP requests...
CVE-2023-49911
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...
CVE-2023-49909
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...
CVE-2023-49908
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...
CVE-2024-31487
Fortinet FortiSandbox suffers a path-traversal information-disclosure vulnerability (CVE-2024-31487) affecting FortiSandbox versions 2.4.0–2.4.1, 2.5.0–2.5.2, 3.0.0–3.0.7, 3.1.0–3.1.5, 3.2.0–3.2.4, 4.0.0–4.0.5, 4.2.0–4.2.6, and 4.4.0–4.4.4, allowing an attacker to disclose information via crafted...
CVE-2024-31487
A improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions,...
CVE-2024-31487
A improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions,...
CVE-2024-23671
A improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests...
CVE-2024-23671
CVE-2024-23671 describes a path traversal vulnerability in Fortinet FortiSandbox versions 4.0.0–4.0.4, 4.2.0–4.2.6, and 4.4.0–4.4.3 that allows an attacker to execute unauthorized code or commands via crafted HTTP requests. The root cause is improper limitation of a pathname to a restricted direc...
CVE-2024-23671
A improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests...
CVE-2024-23662
CVE-2024-23662 is an information-disclosure vulnerability in Fortinet FortiOS that affects FortiOS versions 6.4.0–6.4.15, 7.0.0–7.0.15, 7.2.0–7.2.5, and 7.4.0–7.4.1, enabling an unauthenticated attacker to access sensitive data via HTTP requests. Connected sources provide concrete version ranges ...
CVE-2024-23662
An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows attacker to information disclosure via HTTP requests...
CVE-2024-23662
An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows attacker to information disclosure via HTTP requests...
CVE-2023-49906
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...
CVE-2023-49906
CVE-2023-49906 is a stack-based buffer overflow in the TP-Link AC1350 (EAP225 V3) web interface, specifically in the httpd_portal function handling the scheduling/ssid parameter. A crafted authenticated HTTP POST to /data/scheduler.association.json can overflow the stack via multiple input buffer...