βΌ CVE-2023-4966 βΌ
π Read
via "National Vulnerability Database".
Sensitive information disclosureΓ in NetScaler ADC and NetScaler Gateway when configured as aΓ Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)Γ orΓ AAA ?virtual?server.Γ π Read
via "National Vulnerability Database".
βΌ CVE-2023-30805 βΌ
π Read
via "National Vulnerability Database".
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the "un" parameter.π Read
via "National Vulnerability Database".
π΄ North Korea's State-Sponsored APTs Organize & Align π΄
π Read
via "Dark Reading".
An unprecedented collaboration by various APTs within the DPKR makes them harder to track, setting the stage for aggressive, complex cyberattacks that demand strategic response efforts, Mandiant warns.π Read
via "Dark Reading".
Dark Reading
North Korea's State-Sponsored APTs Organize & Align
An unprecedented collaboration by various APTs within the DPKR makes them harder to track, setting the stage for aggressive, complex cyberattacks that demand strategic response efforts, Mandiant warns.
π΄ How Keyloggers Have Evolved From the Cold War to Today π΄
π Read
via "Dark Reading".
Keyloggers have been used for espionage since the days of the typewriter, but today's threats are easier to get and use than ever.π Read
via "Dark Reading".
Dark Reading
How Keyloggers Have Evolved From the Cold War to Today
Keyloggers have been used for espionage since the days of the typewriter, but today's threats are easier to get and use than ever.
βΌ CVE-2023-37935 βΌ
π Read
via "National Vulnerability Database".
A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44995 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect plugin <=Γ 2.2.4 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37939 βΌ
π Read
via "National Vulnerability Database".
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] inΓ FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list ofΓ files or folders excluded from malware scanning.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34993 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41675 βΌ
π Read
via "National Vulnerability Database".
A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27633 βΌ
π Read
via "National Vulnerability Database".
In FNET 4.6.3, TCP ISNs are improperly random.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41838 βΌ
π Read
via "National Vulnerability Database".
An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36556 βΌ
π Read
via "National Vulnerability Database".
An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34989 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43896 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42787 βΌ
π Read
via "National Vulnerability Database".
A client-side enforcement of server-side security [CWE-602] vulnerabilityΓ in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36549 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36555 βΌ
π Read
via "National Vulnerability Database".
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33301 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34988 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22298 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27631 βΌ
π Read
via "National Vulnerability Database".
In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random.π Read
via "National Vulnerability Database".