1834 matches found
CVE-2023-34991
A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http reque...
CVE-2023-34991
A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http reque...
Sql injection
A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http reque...
CVE-2023-34991
A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http reque...
CVE-2023-34991
A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http reque...
CVE-2023-36553
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows attacker to...
PT-2023-6919 · Fortinet · Fortiwlm
Name of the Vulnerable Software and Affected Versions: Fortinet FortiWLM versions 8.2.2 through 8.6.5 Fortinet FortiWLM versions 8.3.0 through 8.3.2 Fortinet FortiWLM versions 8.4.0 through 8.4.2 Fortinet FortiWLM versions 8.5.0 through 8.5.4 Description: The issue is related to an improper...
Fortinet FortiWLM 安全漏洞
Fortinet FortiWLM is a wireless manager from Fortinet, Inc. Fortinet FortiWLM suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could use this vulnerability to execute unauthorized code or commands via...
Rockwell Automation Arena Simulation Software Buffer Overflow Vulnerability (CNVD-2025-06476)
Rockwell Automation Arena Simulation Software is a suite of simulation software from Rockwell Automation that provides 3D animation and graphics capabilities. A security vulnerability exists in Rockwell Automation Arena Simulation, which can be exploited by an attacker to submit unauthorized code...
CVE-2023-27854
An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. The threat-actor could then execute malicious code on the system...
Remote code execution
Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. The threat-actor could then execute malicious code on the system...
Buffer overflow
An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. The threat-actor could then execute malicious code on the system...
CVE-2023-27858
CVE-2023-27858 affects Rockwell Automation Arena, specifically the Arena software (e.g., version 16.20.00001 per ICS-CISA advisories). The vulnerability stems from an uninitialized pointer in the application, enabling a local attacker to execute arbitrary code by processing a malformed or malicio...
CVE-2023-27858 Rockwell Automation Arena® Simulation Uninitialized Pointer Vulnerability
Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. The threat-actor could then execute malicious code on the system...
CVE-2023-27858 Rockwell Automation Arena® Simulation Uninitialized Pointer Vulnerability
Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. The threat-actor could then execute malicious code on the system...
CVE-2023-27854
CVE-2023-27854 affects Rockwell Automation Arena (Arena) 16.20.x; vulnerability is a memory boundary issue (out-of-bounds read) and related uninitialized pointer, triggered by processing crafted files. Exploitation could allow arbitrary code execution with local access and user interaction requir...
Rockwell Automation Arena Simulation Software 缓冲区错误漏洞
Rockwell Automation Arena Simulation Software is a suite of simulation software from Rockwell Automation that provides 3D animation and graphics capabilities. A security vulnerability exists in Rockwell Automation Arena Simulation, which can be exploited by an attacker to submit unauthorized code...
CVE-2023-39902
A software vulnerability has been identified in the U-Boot Secondary Program Loader SPL before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tree FIT format structure can be used to overwrite SPL memory, allowing unauthenticated software to...
Fortinet FortiEDR Access Control Error Vulnerability
Fortinet FortiEDR is an endpoint security solution built from the ground up by Fortinet. Fortinet FortiEDR suffers from an Access Control Error vulnerability that stems from insufficient handling of session expiration times, which can be exploited by an attacker to execute unauthorized code or...
The software’s vulnerability in integrating the SpaceLogic system management system with the C-Bus SpaceLogic C-Bus Toolkit allows a intruder to execute arbitrary code. This vulnerability arises from the insecure handling of privileges, enabling the intruder to perform unauthorized actions.
The vulnerability of the SpaceLogic system integration software with the C-Bus SpaceLogic C-Bus Toolkit is related to insecure management of privileges. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...