1411 matches found

Prion
added 2023/12/13 7:15 a.m. | 13 views

Command injection

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters...

CVSS 6.5 | AI score 7.9 | EPSS 0.02661
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2023/12/13 7:15 a.m. | 25 views

Cross site scripting

An improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 allows attacker to execute unauthorized code or commands via craft...

CVSS 4.9 | AI score 7.8 | EPSS 0.00434
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2023/12/13 6:44 a.m. | 17 views

CVE-2023-41678

A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request...

CVSS 8.8 | AI score 9.1 | EPSS 0.01068
Exploits: 0 | References: 1
CVE
added 2023/12/13 6:44 a.m. | 48 views

CVE-2023-41678

CVE-2023-41678 centers on a double-free in Fortinet FortiOS (7.0.0–7.0.5) and FortiPAM (1.0.0–1.0.3, 1.1.0–1.1.1) that allows an attacker to execute arbitrary code or commands via a specially crafted request. Affected components include FortiOS’s HTTPSd daemon and FortiPAM. The exploitation impac...

CVSS 8.8 | AI score 8.8 | EPSS 0.01068
Exploits: 0 | References: 1 | Affected Software: 2
Vulnrichment
added 2023/12/13 6:42 a.m. | 13 views

CVE-2023-41844

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0.4 and above...

CVSS 3.5 | AI score 6 | EPSS 0.00434
Exploits: 0 | References: 1
Vulnrichment
added 2023/12/13 6:40 a.m. | 13 views

CVE-2023-45587

An improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions allows attacker to execute...

CVSS 3.5 | AI score 6 | EPSS 0.00434
Exploits: 0 | References: 1
Cvelist
added 2023/12/13 6:40 a.m. | 26 views

CVE-2023-45587

An improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions allows attacker to execute...

CVSS 3.5 | AI score 6.2 | EPSS 0.00434
Exploits: 0 | References: 1
CVE
added 2023/12/13 6:37 a.m. | 39 views

CVE-2023-48782

Fortinet FortiWLM vulnerability CVE-2023-48782: OS command injection in FortiWLM 8.6.0–8.6.5 allows remote execution through specially crafted HTTP GET parameters. Reported impact includes unauthorized command execution; Fortinet lists a fix in 8.6.6+ (per the linked advisories).

CVSS 8.8 | AI score 8.8 | EPSS 0.02661
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2023/12/13 12:00 a.m. | 2 views

Fortinet FortiSandbox Cross-Site Scripting Vulnerability

Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, a dynamic threat intelligence system, a real-time control panel and reporting. A cross-site scripting vulnerability exists in Fortinet FortiSandbox that stem...

CVSS 5.4 | AI score 6.4 | EPSS 0.00434
Exploits: 0 | References: 3
hivepro
added 2023/12/07 5:51 a.m. | 39 views

Adobe ColdFusion Vulnerability Leads to Federal Agency Breach

Summary: Unidentified threat actors exploit Adobe ColdFusion vulnerability CVE-2023-26360 on government servers, leading to potential unauthorized code execution. Incidents involve reconnaissance, data extraction attempts, and emphasize the importance of software updates. Threat Level - Red |...

CVSS 5 | AI score 7.7 | EPSS 0.97115
Exploits: 13
UbuntuCve
added 2023/11/28 4:15 p.m. | 98 views

CVE-2022-41678

Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest...

CVSS 8.8 | AI score 6.8 | EPSS 0.8581
Exploits: 2 | References: 5
ATTACKERKB
added 2023/11/28 3:15 p.m. | 1 views

CVE-2023-49313

A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive user data...

CVSS 9.8 | AI score 5.9 | EPSS 0.0132
Exploits: 2 | References: 3
GithubExploit
added 2023/11/27 11:59 p.m. | 33 views

Exploit for Code Injection in Horsicq Xmachoviewer

CVE-2023-49313 A dylib injection vulnerability in XMachOViewer...

CVSS 9.8 | AI score 9.6 | EPSS 0.0132
Exploits: 2
OSV
added 2023/11/22 2:15 a.m. | 5 views

CVE-2021-37942

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user...

CVSS 7.8 | AI score 7.8
Exploits: 0 | References: 2
CNVD
added 2023/11/17 12:00 a.m. | 6 views

Fortinet FortiWLM SQL Injection Vulnerability (CNVD-2024-13757)

Fortinet FortiWLM is a wireless manager from Fortinet, Inc. Fortinet FortiWLM suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could use this vulnerability to execute unauthorized code or commands via...

CVSS 9.8 | AI score 8 | EPSS 0.28783
Exploits: 0 | References: 1
Cvelist
added 2023/11/16 8:15 p.m. | 17 views

CVE-2023-46213 Cross-site Scripting (XSS) on “Show Syntax Highlighted” View in Search Page

In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser...

CVSS 4.8 | AI score 5.6 | EPSS 0.00475
Exploits: 0 | References: 2
RedhatCVE
added 2023/11/16 1:34 a.m. | 50 views

CVE-2023-44442

A parsing vulnerability was found in the GNU Image Manipulation Program (GIMP). This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSD file, possibly enabling the execution of unauthorized code within the GIMP process. Mitigation: Mitigation for this...

CVSS 7.8 | AI score 6.8 | EPSS 0.61427
Exploits: 0 | References: 5
RedhatCVE
added 2023/11/16 1:29 a.m. | 34 views

CVE-2023-44443

A parsing vulnerability was found in the GNU Image Manipulation Program (GIMP). This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSP file, possibly enabling the execution of unauthorized code within the GIMP process. Mitigation: Mitigation for this...

CVSS 7.8 | AI score 6.8 | EPSS 0.93007
Exploits: 0 | References: 5
OSV
added 2023/11/14 6:15 p.m. | 2 views

CVE-2023-34991

An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows an attacker to execute unauthorized code or commands via a crafted HTTP reque...

CVSS 9.8 | AI score 5.9 | EPSS 0.28783
Exploits: 0 | References: 1
NVD
added 2023/11/14 6:15 p.m. | 9 views

CVE-2023-34991

An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows an attacker to execute unauthorized code or commands via a crafted HTTP reque...

CVSS 9.8 | EPSS 0.28783
Exploits: 0 | References: 1