
1411 matches found

Source: OSV, added 2023/07/11 5:15 p.m., 2 views

CVE-2023-28001

An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API...

CVSS: 9.8, AI score: 5.9, EPSS: 0.0043
Exploits: 0, References: 1
Source: Prion, added 2023/07/11 5:15 p.m., 22 views

Design/Logic Flaw

An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API...

CVSS: 7.5, AI score: 9.5, EPSS: 0.0043
Exploits: 0, References: 1, Affected Software: 1
Source: Vulnrichment, added 2023/07/11 4:52 p.m., 13 views

CVE-2023-28001

An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API...

CVSS: 4.1, AI score: 7.3, EPSS: 0.0043
Exploits: 0, References: 1
Source: Cvelist, added 2023/07/11 4:52 p.m., 23 views

CVE-2023-28001

An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API...

CVSS: 4.1, AI score: 9.8, EPSS: 0.0043
Exploits: 0, References: 1
Source: CVE, added 2023/07/11 4:52 p.m., 2547 views

CVE-2023-28001

CVE-2023-28001 affects Fortinet FortiOS FortiOS REST API. The issue is an insufficient session expiration that could allow an attacker to reuse the session of a deleted user to execute unauthorized code/commands. Connected sources confirm the vulnerability and note Fortinet/FortiGuard PSIRT advis...

CVSS: 9.8, AI score: 9.5, EPSS: 0.0043
Exploits: 0, References: 1, Affected Software: 1
Source: NVD, added 2023/06/23 8:15 a.m., 25 views

CVE-2023-33299

A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed...

CVSS: 9.8, AI score: 9.7, EPSS: 0.22114
Exploits: 0, References: 1
Source: Prion, added 2023/06/23 8:15 a.m., 19 views

Deserialization of untrusted data

A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed...

CVSS: 7.5, AI score: 9.5, EPSS: 0.22114
Exploits: 0, References: 1, Affected Software: 1
Source: CNNVD, added 2023/06/23 12:00 a.m., 4 views

Fortinet FortiNAC Code Issue Vulnerability

Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fortinet. The product is primarily used for network access control and IoT security. A security vulnerability exists in Fortinet FortiNAC versions prior to 7.2.1, prior to 9.4.3, prior to 9.2.8, and prior to...

CVSS: 9.8, AI score: 8.8, EPSS: 0.22114
Exploits: 0, References: 3
Source: NVD, added 2023/06/13 9:15 a.m., 23 views

CVE-2022-43953

A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all versions 6.4, FortiOS all versions 6.2, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7 allows attacker to execute unauthorized code o...

CVSS: 7.8, AI score: 7.3, EPSS: 0.00249
Exploits: 0, References: 1
Source: Prion, added 2023/06/13 9:15 a.m., 19 views

Format string

A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all versions 6.4, FortiOS all versions 6.2, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7 allows attacker to execute unauthorized code o...

CVSS: 4.3, AI score: 7.8, EPSS: 0.00249
Exploits: 0, References: 1, Affected Software: 2
Source: Tenable Nessus, added 2023/06/12 12:00 a.m., 48 views

Fortinet Fortigate Format String Bug in Fclicense daemon (FG-IR-23-119)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-119 advisory. - A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through...

CVSS: 8.8, AI score: 8.2, EPSS: 0.00724
Exploits: 0, References: 2
Source: CNVD, added 2023/05/15 12:00 a.m., 16 views

Rockwell Automation Arena Simulation Software Buffer Overflow Vulnerability (CNVD-2023-49821)

Rockwell Automation Arena Simulation Software is a suite of simulation software from Rockwell Automation that provides 3D animation and graphics capabilities. A buffer overflow vulnerability exists in Rockwell Automation Arena Simulation Software, which can be exploited by an attacker to submit...

CVSS: 9.8, AI score: 7.6, EPSS: 0.0085
Exploits: 0, References: 1
Source: CNNVD, added 2023/05/09 12:00 a.m., 3 views

Rockwell Automation Arena Simulation Software Buffer Error Vulnerability

Rockwell Automation Arena Simulation Software is a suite of simulation software from Rockwell Automation that provides 3D animation and graphics capabilities. A buffer overflow vulnerability exists in Rockwell Automation Arena Simulation Software, which can be exploited by an attacker to execute...

CVSS: 9.8, AI score: 7.5, EPSS: 0.0085
Exploits: 0, References: 4
Source: CVE, added 2023/05/03 9:26 p.m., 129 views

CVE-2023-22640

CVE-2023-22640 describes an out-of-bounds write in Fortinet FortiOS (versions 7.2.0–7.2.3, 7.0.0–7.0.10, 6.4.0–6.4.11, 6.2.0–6.2.13, 6.0) and FortiProxy (7.2.0–7.2.1, 7.0.0–7.0.7, 2.0, 1.2, 1.1, 1.0) that allows an authenticated attacker to execute arbitrary code or commands via crafted requests....

CVSS: 8.8, AI score: 8.8, EPSS: 0.0089
Exploits: 0, References: 1, Affected Software: 2
Source: NVD, added 2023/04/19 12:15 a.m., 16 views

CVE-2023-29524

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute anything with the right of the Scheduler Application sheet page. A user without script or programming rights, edit your user profile with the object editor and add a n...

CVSS: 9.9, AI score: 9.6, EPSS: 0.76297
Exploits: 1, References: 3
Source: CVE, added 2023/04/18 11:04 p.m., 54 views

CVE-2023-29524

The CVE affects XWiki Platform. A groovy script can be injected via the SchedulerJobSheet when a user without scripting rights edits their profile and adds a XWiki.SchedulerJobClass, causing server-side code execution on view. The issue has been patched in XWiki 14.10.3 and 15.0 RC1; upgrading is...

CVSS: 9.9, AI score: 9.3, EPSS: 0.76297
Exploits: 1, References: 3, Affected Software: 1
Source: OSV, added 2023/04/18 11:04 p.m., 26 views

CVE-2023-29524 Code injection from account through XWiki.SchedulerJobSheet in xwiki-platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute anything with the right of the Scheduler Application sheet page. A user without script or programming rights, edit your user profile with the object editor and add a n...

CVSS: 9.9, AI score: 8.4, EPSS: 0.76297
Exploits: 1, References: 5
Source: CNVD, added 2023/04/18 12:00 a.m., 6 views

Fortinet FortiClientWindows Elevation of Privilege Vulnerability

Fortinet FortiClientWindows is a Windows-based mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. An elevation of privilege...

CVSS: 7.8, AI score: 7.3, EPSS: 0.00165
Exploits: 0, References: 1
Source: Positive Technologies, added 2023/04/18 12:00 a.m., 2 views

PT-2023-22413 · Unknown · Dreamer Cms

Name of the Vulnerable Software and Affected Versions: Dreamer CMS version 3.0.1 Description: The issue is related to stored Cross Site Scripting XSS, which allows attackers to inject malicious scripts into content. This can lead to the execution of unauthorized code on the client-side...

CVSS: 5.4, AI score: 5.4, EPSS: 0.00334
Exploits: 0, References: 4
Source: Tenable Nessus, added 2023/04/13 12:00 a.m., 32 views

Fortinet FortiClient Arbitrary file creation from unprivileged users due to process impersonation (FG-IR-22-336)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-336 advisory. - A incorrect authorization in Fortinet FortiClient Windows 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10...

CVSS: 7.8, AI score: 7.3, EPSS: 0.00165
Exploits: 0, References: 2