Privilege escalation
An improper privilege management vulnerability CWE-269 in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests...
Path traversal
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability CWE-22 in FortiVoice Enterprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests...
Design/Logic Flaw
An allocation of resources without limits or throttling vulnerability CWE-770 in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests in a high frequency...
CVE-2023-44250
CVE-2023-44250 describes an improper privilege management (CWE-269) in Fortinet FortiOS HA clusters (versions 7.4.0–7.4.1 and 7.2.5) and FortiProxy HA clusters (7.4.0–7.4.1). An authenticated attacker can perform elevated actions via crafted HTTP(S) requests. The CVSS v3.1 base score is 8.8 (Netw...
CVE-2023-37934
CVE-2023-37934 affects Fortinet FortiPAM 1.0 (all versions) due to a resource allocation without limits or throttling (CWE-770). An authenticated attacker can cause denial of service by sending crafted HTTP/HTTPS requests at high frequency. The issue is supported by multiple connected documents; ...
Oracle Linux 9 : squid (ELSA-2024-0071)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0071 advisory. - squid: Denial of Service in SSL Certificate validation CVE-2023-46724 - squid: NULL pointer dereference in the gopher protocol code CVE-2023-46728 -...
Important: squid
Issue Overview: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no know...
Amazon Linux 2 : java-11-openjdk (ALASJAVA-OPENJDK11-2024-006)
The version of java-11-openjdk installed on the remote host is prior to 11.0.21.0.9-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2JAVA-OPENJDK11-2024-006 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE component: JSSE...
Fortinet Fortigate Improper authorization for HA requests (FG-IR-23-315)
The version of Fortigate installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-315 advisory. - An improper privilege management vulnerability CWE-269 in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2...
Important: Red Hat Security Advisory: squid security update
An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
RHEL 9 : squid (RHSA-2024:0072)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0072 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: DoS...
PhantomCrawler - Boost Website Hits By Generating Requests From Multiple Proxy IPs
PhantomCrawler allows users to simulate website interactions through different proxy IP addresses. It leverages Python, requests, and BeautifulSoup to offer a simple and effective way to test website behaviour under varied proxy configurations. Features: Utilizes a list of proxy IP addresses from...
K000138103: Oracle Java SE vulnerabilities CVE-2023-22067 and CVE-2023-22081
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable...
WhatACart 2.0.7 Cross Site Scripting Vulnerability
Exploit Title: WhatACart Version: 2.0.7 - Reflected XSS Date: 2023-12-27 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://whatacart.com Version: 2.0.7 Tested on: https://whatacart.com/demo 1 Go to this page: https://demo.whatacart.com/ 2 Write this payload in the search field:...
dovyalis.fr Improper Access Control vulnerability OBB-3824450
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
K000138057: mod_ssl vulnerabilities CVE-2002-1157 and CVE-2002-0653
Security Advisory Description CVE-2002-1157 Cross-site scripting vulnerability in the modssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on...
MAL-2023-8749 Malicious code in axio-https (npm)
Source: ghsa-malware 3df6da0e125618885a14db25ec3079b2defda4eaa1065e8b026826af6404f594 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...