1834 matches found

OSV
added 2021/09/08 11:15 a.m., 2 views

CVE-2021-36182

An improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests...

8.8 CVSS, 5.9 AI score
Exploits: 0, References: 1

OSV
added 2021/09/08 11:15 a.m., 3 views

CVE-2021-36179

A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows an attacker to execute unauthorized code or commands via crafted parameters in CLI command execution...

8.8 CVSS, 7.9 AI score
Exploits: 0, References: 1

Prion
added 2021/09/08 11:15 a.m., 11 views

Command injection

An improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests...

6.5 CVSS, 8.8 AI score, 0.00748 EPSS
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2021/09/08 11:15 a.m., 18 views

Stack overflow

A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows an attacker to execute unauthorized code or commands via crafted parameters in CLI command execution...

6.5 CVSS, 9.1 AI score, 0.00583 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/09/08 10:20 a.m., 12 views

CVE-2021-36182

An improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests...

8.8 CVSS, 9.1 AI score, 0.00748 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2021/09/08 10:20 a.m., 13 views

CVE-2021-36182

An improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests...

8.8 CVSS, 7.5 AI score, 0.00748 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2021/09/08 10:15 a.m., 9 views

CVE-2021-36179

A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows an attacker to execute unauthorized code or commands via crafted parameters in CLI command execution...

8 CVSS, 8 AI score, 0.00583 EPSS
Exploits: 0, References: 1

CVE
added 2021/09/08 10:15 a.m., 43 views

CVE-2021-36179

Fortinet FortiWeb suffers a stack-based buffer overflow in its CLI interface, enabling an authenticated attacker to execute arbitrary code or commands via crafted config backup parameters. The CVE-2021-36179 affects FortiWeb versions 6.3.14 and earlier and 6.2.4 and earlier. Fortinet’s PSIRT FG-I...

8.8 CVSS, 9.1 AI score, 0.00583 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/09/08 10:15 a.m., 19 views

CVE-2021-36179

A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows an attacker to execute unauthorized code or commands via crafted parameters in CLI command execution...

8 CVSS, 9.3 AI score, 0.00583 EPSS
Exploits: 0, References: 1

CNNVD
added 2021/09/08 12:0 a.m., 3 views

Fortinet FortiWeb buffer error vulnerability

Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...

8.8 CVSS, 6.4 AI score, 0.00583 EPSS
Exploits: 0, References: 2

Fortinet
added 2021/09/07 12:0 a.m., 29 views

FortiWeb - Multiple stack-based buffer overflow vulnerabilities in CLI command

Multiple stack-based buffer overflow vulnerabilities in FortiWeb CLI interface may allow an authenticated attacker to execute unauthorized code or commands via config backup arguments...

6.5 CVSS, 9.1 AI score, 0.00583 EPSS
Exploits: 0, Affected Software: 1

Fortinet
added 2021/09/07 12:0 a.m., 44 views

Protect

A debug functionality in FortiGate may allow a privileged user to execute unauthorized code or commands via specific chains of print str and cmd mem cli commands to, respectively, read and write hexadecimal values to any memory address...

6.6 CVSS, 6.2 AI score, 0.00124 EPSS
Exploits: 0, Affected Software: 1

OSV
added 2021/08/30 8:15 p.m., 13 views

CVE-2021-39132

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with ...

8.8 CVSS, 8.8 AI score
Exploits: 0, References: 2

Prion
added 2021/08/30 8:15 p.m., 14 views

Authentication flaw

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with ...

6.5 CVSS, 8.8 AI score, 0.00848 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2021/08/30 7:35 p.m., 10 views

CVE-2021-39132 YAML deserialization can run untrusted code

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with ...

8.8 CVSS, 9 AI score, 0.00848 EPSS
Exploits: 0, References: 2

CNVD
added 2021/08/17 12:0 a.m., 13 views

Microsoft OneFuzz has an unspecified vulnerability

Microsoft OneFuzz is a cross-platform, free and open source fuzz testing framework from Microsoft Corporation. A security vulnerability exists in Microsoft OneFuzz versions 2.12.0 through 2.31.0, which stems from an incomplete authorization check in the affected product versions, which c...

10 CVSS, 3.8 AI score, 0.00466 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2021/08/10 12:0 a.m., 19 views

Rockwellautomation Rslinx Improper Input Validation

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 an...

5.5 CVSS, 3.6 AI score, 0.00087 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2021/08/04 3:54 p.m., 12 views

CVE-2021-26097

An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTT...

8.8 CVSS, 7.4 AI score, 0.00335 EPSS
Exploits: 0, References: 1

CVE
added 2021/08/04 3:54 p.m., 53 views

CVE-2021-26097

FortiSandbox has an OS command injection flaw (CVE-2021-26097) affecting 3.2.0–3.2.2, 3.1.0–3.1.4, and 3.0.0–3.0.6. The issue arises from improper neutralization of special elements in OS command handling, enabling an authenticated attacker with web GUI access to execute unauthorized code or comm...

8.8 CVSS, 8.8 AI score, 0.00335 EPSS
Exploits: 0, References: 1, Affected Software: 1

Fortinet
added 2021/08/03 12:0 a.m., 29 views

FortiSandbox - Command injection in web interface

An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests...

6.5 CVSS, 8.6 AI score, 0.00335 EPSS
Exploits: 0, Affected Software: 1