1414 matches found
CVE-2022-26318
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2U2, 12.x before 12.1.3U8, and 12.2.x through 12.5.x before 12.5.9U2...
CVE-2021-43075
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to...
CVE-2021-43077
A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the AP...
CVE-2021-43075
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to...
Command injection
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to...
CVE-2021-43077
A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the AP...
CVE-2021-43075
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to...
CVE-2021-43075
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to...
Fortinet FortiMail Cross-Site Scripting Vulnerability (CNVD-2022-19073)
Fortinet FortiMail is a suite of email security gateway products from Fortinet, Inc. Fortinet FortiMail is vulnerable to a cross-site scripting vulnerability that could be exploited to execute unauthorized code or commands via a specially crafted HTTP GET request to the FortiGuard URI protection...
CVE-2021-41018
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests...
CVE-2021-41018
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests...
CVE-2021-41018
CVE-2021-41018 affects Fortinet FortiWeb OS command injection via improper neutralization of special elements in HTTP requests. Affected are FortiWeb versions 6.4.1 and below, and 6.3.15 and below. The vulnerability can allow an attacker to execute unauthorized code or commands through crafted HT...
CVE-2021-43062
A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to...
Cross site scripting
A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to...
CVE-2021-43062
A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to...
Fortinet FortiWeb 操作系统命令注入漏洞
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. fortinet FortiWeb An operating system comman...
ROS-20220125-16
A vulnerability in the GNU Binary Utilities toolkit binutils is related to a boundary error in the stabxcoffbuiltintype function in stabs.c. Exploitation of the vulnerability could allow an attacker, acting remotely, to initiate unauthorized writing and execution of arbitrary code on the target...
USN-5230-1 cpanminus vulnerability
It was discovered that App::cpanminus did not properly verify CHECKSUMS files. An attacker could possibly use this issue to bypass signature verification, gaining access to sensitive data or possibly executing unauthorized code...
CVE-2021-45941
A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the bpfobjectopen function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory...
Tutor LMS < 1.9.12 - Subscriber+ Stored Cross-Site Scripting
The plugin does not escape the 'Job Title" field of user's profile, which could allow any authenticated users to set a Cross-Site Scripting payload in it, which will be triggered when an admin edit the related profile As a subscriber, edit your profile and add the following payload in the Job Tit...