
7 matches found

OSV • added 2022/02/02 12:15 p.m. • 2 views

CVE-2021-41018

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests...

8.8 CVSS • 5.9 AI score • 0.0047 EPSS
Exploits 0 • References 1
Prion • added 2022/02/02 11:15 a.m. • 17 views

Command injection

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests...

6.5 CVSS • 8.8 AI score • 0.0073 EPSS
Exploits 0 • References 1 • Affected Software 1
NVD • added 2021/12/09 10:15 a.m. • 9 views

CVE-2021-43071

A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller...

8.8 CVSS • 0.00481 EPSS
Exploits 0 • References 1
OSV • added 2021/12/08 5:15 p.m. • 2 views

CVE-2021-41013

An improper access control vulnerability CWE-284 in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log & Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs...

5.3 CVSS • 6.1 AI score • 0.00489 EPSS
Exploits 0 • References 1
Cvelist • added 2021/12/08 1:3 p.m. • 12 views

CVE-2021-36191

A URL redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to use the device as proxy via crafted GET parameters in requests to error handlers...

4.1 CVSS • 5.7 AI score • 0.00217 EPSS
Exploits 0 • References 1
Vulnrichment • added 2021/12/08 12:33 p.m. • 8 views

CVE-2021-43064

A URL redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to use the device as a proxy and reach external or protected hosts via redirection handlers...

4.3 CVSS • 6.7 AI score • 0.00242 EPSS
Exploits 0 • References 1
Packet Storm • added 2016/11/11 12:0 a.m. • 38 views

WordPress Google Maps 6.3.14 Cross Site Request Forgery

Persistent Cross-Site Scripting in WP Google Maps Plugin via CSRF. Sipke Mellema, July 2016...

0.3 AI score
Exploits 0