DrayTek Vigor2960 Path Traversal Vulnerability

DrayTek Vigor2960 is a dual WAN broadband router/VPN gateway from China's DrayTek. A path traversal vulnerability exists in the Draytek Vigor2960 v1.5.1.4 , v1.5.1.5 versions, which stems from a vulnerable directory traversal attack on the option parameter in the mainfunction.cgi dumpSyslog,...

CVE-2023-46547

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog...

Juniper Junos OS Vulnerability (JSA73145)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA73145 advisory. - An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue...

Important Photon OS Security Update - PHSA-2023-4.0-0494

Updates of 'syslog-ng', 'binutils' packages of Photon OS have been released...

Design/Logic Flaw

An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue causing a l2 loop resulting in a DDOS violations and DDOS syslog. This issue is triggered when Storm control is enabled and ICMP...

Fortinet FortiAnalyzer Data Forgery Issue Vulnerability

Fortinet FortiAnalyzer is a set of centralized network security reporting solutions from the U.S. company Fiat Fortinet. The product is mainly used to collect network log data, and through the reporting suite of security events in the log, network traffic, Web content, etc. to analyze, report,...

Design/Logic Flaw

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service DoS. PTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 wit...

CVE-2023-42782

A insufficient verification of data authenticity vulnerability CWE-345 in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number...

CVE-2023-42782

A insufficient verification of data authenticity vulnerability CWE-345 in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number...

Authorization

A insufficient verification of data authenticity vulnerability CWE-345 in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number...

CVE-2023-42782

FortiAnalyzer CVE-2023-42782 is an insufficent verification of data authenticity (CWE-345) affecting FortiAnalyzer 7.4.0 and below 7.2.3. An unauthenticated remote attacker could send forged messages to FortiAnalyzer’s syslog server by exploiting knowledge of an authorized device serial number. S...

Fortinet FortiAnalyzer 数据伪造问题漏洞

Fortinet FortiAnalyzer is a set of centralized network security reporting solutions from the U.S. company Fiat Fortinet. The product is mainly used to collect network log data, and through the reporting suite of security events in the log, network traffic, Web content, etc. to analyze, report,...

PT-2023-5996 · Fortinet · Fortianalyzer

Name of the Vulnerable Software and Affected Versions: FortiAnalyzer versions 7.4.0 and below 7.2.3 Description: The issue is related to insufficient verification of data authenticity, allowing a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via knowledge ...

CVE-2023-0828

Cross-site Scripting XSS vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms...

CVE-2023-0828

Cross-site Scripting XSS vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms...

Cross site scripting

Cross-site Scripting XSS vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms...

CVE-2023-0828 Stored Cross Site Scripting in syslog section

Cross-site Scripting XSS vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms...

CVE-2023-0828

CVE-2023-0828 is a Cross-site Scripting (XSS) vulnerability in the Syslog section of Pandora FMS that can cause a user’s cookie value to be transferred to an attacker’s server. Affected: Pandora FMS version 7.67 (7.67) and earlier on all platforms. Root cause: XSS in the Syslog UI. Impact: creden...

CVE-2023-0828 Stored Cross Site Scripting in syslog section

Cross-site Scripting XSS vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms...

PT-2023-16553 · Unknown · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS version 7.67 and prior versions Description: A Cross-site Scripting XSS issue in the Syslog Section of Pandora FMS allows an attacker to transfer a user's cookie value to the attacker's server. Recommendations: For Pandora FMS...