Lucene search
K

1414 matches found

Vulnrichment
Vulnrichment
added 2022/03/04 5:36 p.m.15 views

CVE-2022-26318

On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2U2, 12.x before 12.1.3U8, and 12.2.x through 12.5.x before 12.5.9U2...

9.8AI score0.78303EPSS
Exploits6References1
OSV
OSV
added 2022/03/01 7:15 p.m.5 views

CVE-2021-43075

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to...

8.8CVSS7.5AI score0.01639EPSS
Exploits0References1
OSV
OSV
added 2022/03/01 7:15 p.m.6 views

CVE-2021-43077

A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the AP...

8.8CVSS5.9AI score0.00798EPSS
Exploits0References1
NVD
NVD
added 2022/03/01 7:15 p.m.22 views

CVE-2021-43075

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to...

9CVSS0.01639EPSS
Exploits0References1
Prion
Prion
added 2022/03/01 7:15 p.m.21 views

Command injection

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to...

9CVSS8.9AI score0.01639EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/03/01 6:30 p.m.14 views

CVE-2021-43077

A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the AP...

8.8CVSS7.6AI score0.00798EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/03/01 6:25 p.m.8 views

CVE-2021-43075

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to...

8.8CVSS7.5AI score0.01639EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/03/01 6:25 p.m.26 views

CVE-2021-43075

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to...

8.8CVSS9.1AI score0.01639EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/08 12:0 a.m.19 views

Fortinet FortiMail Cross-Site Scripting Vulnerability (CNVD-2022-19073)

Fortinet FortiMail is a suite of email security gateway products from Fortinet, Inc. Fortinet FortiMail is vulnerable to a cross-site scripting vulnerability that could be exploited to execute unauthorized code or commands via a specially crafted HTTP GET request to the FortiGuard URI protection...

6.1CVSS1.3AI score0.12936EPSS
Exploits5References1
NVD
NVD
added 2022/02/02 12:15 p.m.21 views

CVE-2021-41018

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests...

9CVSS0.03323EPSS
Exploits0References1
OSV
OSV
added 2022/02/02 12:15 p.m.3 views

CVE-2021-41018

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests...

8.8CVSS5.9AI score0.03323EPSS
Exploits0References1
CVE
CVE
added 2022/02/02 11:25 a.m.62 views

CVE-2021-41018

CVE-2021-41018 affects Fortinet FortiWeb OS command injection via improper neutralization of special elements in HTTP requests. Affected are FortiWeb versions 6.4.1 and below, and 6.3.15 and below. The vulnerability can allow an attacker to execute unauthorized code or commands through crafted HT...

9CVSS8.9AI score0.03323EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2022/02/02 11:15 a.m.39 views

CVE-2021-43062

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to...

6.1CVSS0.12936EPSS
Exploits5References2
Prion
Prion
added 2022/02/02 11:15 a.m.22 views

Cross site scripting

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to...

4.3CVSS6.5AI score0.12936EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2022/02/02 11:8 a.m.43 views

CVE-2021-43062

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to...

6.1CVSS6.8AI score0.12936EPSS
Exploits5References2
CNNVD
CNNVD
added 2022/02/02 12:0 a.m.5 views

Fortinet FortiWeb 操作系统命令注入漏洞

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. fortinet FortiWeb An operating system comman...

9CVSS6.1AI score0.03323EPSS
Exploits0References2
Redos
Redos
added 2022/02/01 12:0 a.m.23 views

ROS-20220125-16

A vulnerability in the GNU Binary Utilities toolkit binutils is related to a boundary error in the stabxcoffbuiltintype function in stabs.c. Exploitation of the vulnerability could allow an attacker, acting remotely, to initiate unauthorized writing and execution of arbitrary code on the target...

7.8CVSS7.9AI score0.01312EPSS
Exploits1
OSV
OSV
added 2022/01/24 1:44 p.m.2 views

USN-5230-1 cpanminus vulnerability

It was discovered that App::cpanminus did not properly verify CHECKSUMS files. An attacker could possibly use this issue to bypass signature verification, gaining access to sensitive data or possibly executing unauthorized code...

7.8CVSS5.8AI score0.00713EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2022/01/21 7:46 a.m.26 views

CVE-2021-45941

A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the bpfobjectopen function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory...

6.5CVSS5.8AI score0.01097EPSS
Exploits1References3
wpexploit
wpexploit
added 2021/12/27 12:0 a.m.486 views

Tutor LMS < 1.9.12 - Subscriber+ Stored Cross-Site Scripting

The plugin does not escape the 'Job Title" field of user's profile, which could allow any authenticated users to set a Cross-Site Scripting payload in it, which will be triggered when an admin edit the related profile As a subscriber, edit your profile and add the following payload in the Job Tit...

0.2AI score
Exploits0References1
Rows per page
Query Builder