9 matches found
CVE-2023-30805
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling ...
Command injection
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling ...
CVE-2023-30805 Sangfor Next-Gen Application Firewall Login Un Param Command Injection
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling ...
CVE-2023-30805 Sangfor Next-Gen Application Firewall Login Un Param Command Injection
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling ...
CVE-2016-5727
LogInOut.php in Simple Machines Forum SMF 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop...
Design/Logic Flaw
LogInOut.php in Simple Machines Forum SMF 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop...
CVE-2016-5727
CVE-2016-5727 affects Simple Machines Forum (SMF) 2.1. The vulnerability allows remote attackers to perform PHP object injection and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop. The description indicates an input-derived injection in LogIn...
CVE-2006-0502
CVE-2006-0502 affects FarsiNews 2.1 Beta 2 and earlier. The vulnerability is a PHP remote file inclusion in loginout.php when register_globals is enabled, allowing an attacker to include arbitrary files via a URL supplied to the cutepath parameter. NVD assigns a CVSSv2 base score of 7.5 (HIGH) wi...
Farsinews 2.1 - 'Loginout.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/16440/info FarsiNews is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious P...