11 matches found
EUVD-2023-35163
Malicious code in bioql PyPI...
EUVD-2023-35162
Malicious code in bioql PyPI...
CVE-2023-30805
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling ...
CVE-2023-30804
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpnhtml/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated...
CVE-2023-30805
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling ...
CVE-2023-30806
Sangfor NGAF (Next-Gen Application Firewall) version NGAF8.0.17 is affected by an OS command injection vulnerability exploitable via a crafted HTTP POST to /cgi-bin/login.cgi due to mishandling of shell meta-characters in the PHPSESSID cookie. The issue is remote and unauthenticated with potentia...
CVE-2023-30805 Sangfor Next-Gen Application Firewall Login Un Param Command Injection
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling ...
CVE-2023-30802 Sangfor Next-Gen Application Firewall Source Code Disclosure
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field...
CVE-2023-30802
CVE-2023-30802 affects Sangfor Next-Gen Application Firewall NGAF 8.0.17. Multiple connected sources confirm a source-code disclosure vulnerability exploitable remotely by an unauthenticated attacker through HTTP requests with an invalid Content-Length header, enabling access to PHP source code. ...
PT-2023-6173 · Sangfor · Sangfor Next-Gen Application Firewall
Name of the Vulnerable Software and Affected Versions: Sangfor Next-Gen Application Firewall version NGAF8.0.17 Description: The issue is related to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP...
PT-2023-6169
Name of the Vulnerable Software and Affected Versions Sangfor Next-Gen Application Firewall version NGAF8.0.17 Description The issue is related to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP PO...