5 matches found
A FortiOS vulnerability involving exposure of information through query strings allows attackers to view plaintext passwords of remote services such as RDP or VNC.
The FortiOS vulnerability stems from the disclosure of information through request query strings. Exploiting it allows a malicious actor to remotely access plaintext passwords of remote services, such as RDP or VNC...
CVE-2022-40190
SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflected cross-site scripting (XSS). The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive...
Web Server Generic Cookie Injection
The remote host is running a web server that fails to adequately sanitize request strings of malicious JavaScript. By leveraging this issue, an attacker may be able to inject arbitrary cookies. Depending on the structure of the web application, it may be possible to launch a 'session fixation'...
CGI Generic SSI Injection (HTTP headers)
The remote web server hosts one or more CGI scripts that fail to adequately sanitize request strings and seem to be vulnerable to an 'SSI injection' attack. By leveraging this issue, an attacker may be able to execute arbitrary commands on the remote host.
DoS against 3COM HomeConnect (buffer overflow)
Buffer overflow triggered by a long request string sent to the web interface...