1411 matches found
CVE-2023-22641
A url redirection to untrusted site 'open redirect' in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.9, FortiOS versions 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0...
CVE-2022-43948
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb version 7.0.0 through 7.0.3, FortiADC version 7.1.0 through 7.1.1, FortiADC version 7.0.0 through 7.0.3, FortiADC 6.2 all versions, FortiADC 6.1 all versions, FortiADC 6.0 all versions,...
CVE-2022-40682
A incorrect authorization in Fortinet FortiClient Windows 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe...
Command injection
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb version 7.0.0 through 7.0.3, FortiADC version 7.1.0 through 7.1.1, FortiADC version 7.0.0 through 7.0.3, FortiADC 6.2 all versions, FortiADC 6.1 all versions, FortiADC 6.0 all versions,...
Path traversal
A relative path traversal vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe...
CVE-2023-22641
A url redirection to untrusted site 'open redirect' in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.9, FortiOS versions 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0...
CVE-2022-43948
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb version 7.0.0 through 7.0.3, FortiADC version 7.1.0 through 7.1.1, FortiADC version 7.0.0 through 7.0.3, FortiADC 6.2 all versions, FortiADC 6.1 all versions, FortiADC 6.0 all versions,...
CVE-2022-43948
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb version 7.0.0 through 7.0.3, FortiADC version 7.1.0 through 7.1.1, FortiADC version 7.0.0 through 7.0.3, FortiADC 6.2 all versions, FortiADC 6.1 all versions, FortiADC 6.0 all versions,...
CVE-2022-42470
A relative path traversal vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe...
CVE-2022-42470
CVE-2022-42470 describes a local path-traversal vulnerability in Fortinet FortiClient for Windows. Exploitation path: a crafted request to a specific named pipe can allow an attacker with low privileges and no user interaction to execute arbitrary code or commands on the affected host. Affected s...
CVE-2022-40682
A incorrect authorization in Fortinet FortiClient Windows 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe...
Fortinet FortiClient 安全漏洞
Fortinet FortiClientWindows is a Windows-based mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. An elevation of privilege...
PT-2023-5164 · Fortinet · Forticlient
Name of the Vulnerable Software and Affected Versions: Fortinet FortiClient versions 6.0.0 through 6.0.10 Fortinet FortiClient versions 6.2.0 through 6.2.9 Fortinet FortiClient versions 6.4.0 through 6.4.9 Fortinet FortiClient versions 7.0.0 through 7.0.7 Description: The issue is related to...
PT-2023-9671 · Fortinet · Forticlient
Name of the Vulnerable Software and Affected Versions: Fortinet FortiClient versions 6.0.0 through 6.0.10 Fortinet FortiClient versions 6.2.0 through 6.2.9 Fortinet FortiClient versions 6.4.0 through 6.4.9 Fortinet FortiClient versions 7.0.0 through 7.0.7 Description: The issue is related to a...
WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS)
Exploit Title: WebsiteBaker v2.13.3 - Cross-Site Scripting XSS Application: WebsiteBaker Version: 2.13.3 Bugs: Stored XSS Technology: PHP Vendor URL: https://websitebaker.org/pages/en/home.php Software Link: https://wiki.websitebaker.org/doku.php/en/downloads Date of found: 02.04.2023 Author:...
Design/Logic Flaw
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 1.1.4 Build 20211022 rel.591035553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue...
Medium: protobuf
Issue Overview: A flaw was found in protobuf. The vulnerability occurs due to incorrect parsing of a NULL character in the proto symbol and leads to a Null pointer dereference. This flaw allows an attacker to execute unauthorized code or commands, read memory, modify memory. CVE-2021-22570 Affect...
Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2023-064)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-064 advisory. A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes the...
Fortinet FortiAnalyzer Command Execution Vulnerability
Fortinet FortiAnalyzer is a set of centralized network security reporting solutions from the U.S. company Fiat Fortinet. The product is mainly used to collect network log data, and through the reporting suite of security events in the log, network traffic, Web content, etc. to analyze, report,...
Fortinet FortiWeb OS Command Injection Vulnerability (CNVD-2023-18291)
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. An operating system command injection...