7 matches found

NVD
added 2023/10/10 3:15 p.m., 17 views

CVE-2023-30803

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for header...

9.8 CVSS, 6.2 AI score, 0.00746 EPSS
Exploits 1, References 3

Prion
added 2023/10/10 3:15 p.m., 17 views

Command injection

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling ...

7.5 CVSS, 9.9 AI score, 0.14849 EPSS
Exploits 1, References 3, Affected Software 1

Prion
added 2023/10/10 3:15 p.m., 24 views

Authentication flaw

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for header...

7.5 CVSS, 6.9 AI score, 0.00746 EPSS
Exploits 1, References 3, Affected Software 1

Prion
added 2023/10/10 3:15 p.m., 14 views

Code injection

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field...

5 CVSS, 5.6 AI score, 0.00128 EPSS
Exploits 1, References 3, Affected Software 1

CVE
added 2023/10/10 2:27 p.m., 59 views

CVE-2023-30806

Sangfor NGAF (Next-Gen Application Firewall) version NGAF8.0.17 is affected by an OS command injection vulnerability exploitable via a crafted HTTP POST to /cgi-bin/login.cgi due to mishandling of shell meta-characters in the PHPSESSID cookie. The issue is remote and unauthenticated with potentia...

9.8 CVSS, 9.7 AI score, 0.14849 EPSS
Exploits 1, References 3, Affected Software 1

Vulnrichment
added 2023/10/10 2:21 p.m., 14 views

CVE-2023-30804 Sangfor Next-Gen Application Firewall Authenticated File Disclosure

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpnhtml/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated...

4.9 CVSS, 7 AI score, 0.05156 EPSS
Exploits 1, References 3

Cvelist
added 2023/10/10 2:14 p.m., 27 views

CVE-2023-30803 Sangfor Next-Gen Application Firewall Authentication Bypass

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for header...

9.8 CVSS, 7.6 AI score, 0.00746 EPSS
Exploits 1, References 3