CVE-2022-38380

An improper access control CWE-284 vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API...

CVE-2024-58337

Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities...

EUVD-2023-44596

Malicious code in bioql PyPI...

The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from deficiencies in the authentication process, which allows a malicious individual to alter the settings of the user interface for project management.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to modify the settings of the user interface for project...

CVE-2023-3971

An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise...

CVE-2023-3971

The CVE-2023-3971 HTML injection flaw affects Red Hat Ansible Automation Platform’s Automation Controller UI (Controller). The issue allows an attacker to craft a malicious login page to capture credentials, enabling complete compromise per the CVE description. Remediation is in RHSA-2023:4590/RH...

CVE-2023-36635

An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API...

CVE-2023-36635

An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API...

Improper access control

An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API...

CVE-2023-36635

An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API...

Fortinet FortiSwitchManager 安全漏洞

Fortinet FortiSwitchManager is a network switch management tool from Fortinet designed to help organizations manage their FortiSwitch family of network switches. An improper access control vulnerability exists in Fortinet FortiSwitchManager. The vulnerability is caused by a flawed authentication...

Controller: Html injection in custom login info

An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise...

The vulnerability of FortiOS operating systems, related to access control deficiencies, allows attackers to modify interface settings.

The vulnerability of FortiOS operating systems is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to modify interface settings remotely through APIs...

CVE-2022-38380

An improper access control CWE-284 vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API...

CVE-2022-38380

An improper access control CWE-284 vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API...

CVE-2022-38380

An improper access control CWE-284 vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API...

CVE-2022-38380

An improper access control CWE-284 vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API...

Protect

An improper access control CWE-284 vulnerability in FortiOS may allow a remote authenticated read-only user to modify the interface settings via the API...

PT-2022-6023 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.0.0 through 7.0.7 FortiOS version 7.2.0 Description: The issue is related to improper access control, which may allow a remote authenticated read-only user to modify interface settings via the API. This could potentially be...

The vulnerability in the implementation of browser interface settings for Google Chrome and Microsoft Edge allows a hacker to execute arbitrary code.

The vulnerability of the Chrome and Microsoft Edge browser interface settings is caused by a buffer overflow in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...