Web Application Firewall

Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5

[vc_row][vc_column][vc_column_text]

buy Lyrica online india Overview :

References
A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user’s session by persuading the victim to follow a malicious link.

http://cowmanauction.com/wp-content/themes/urbancity/lib/scripts/download.php?file=wp-config.php Affected Product(s) :

CVE-2019-17653

References:

Each reference used in CVE has the following structure:

SOURCE: NAME

SOURCE is an alphanumeric keyword.
(Examples: “BUGTRAQ”, “OVAL”, etc.)
NAME is a single line of ASCII text and can include colons and spaces.
(Examples: “BUGTRAQ: Posting to Bugtraq mailing list”; “OVAL: Open Vulnerability and Assessment Language (OVAL) vulnerability definition”; etc.)

Where possible, the NAME is selected to facilitate searches on a SOURCE’s website. For references that do not have a well-defined identifier, a release date and/or subject header may be included.

References are typically listed in the order below:

Initial announcement
Response team advisory
Vendor acknowledgement/advisory
All other public sources

[/vc_column_text][/vc_column][/vc_row]

What Is Account Aggregation And How It Can Be Prevented?

CVE-2023-28004 : SCHNEIDER ELECTRIC POWERLOGIC HDPM6000 ETHERNET REQUEST ARRAY INDEX

What Is XML External Entity Injection? How To Prevent XXE Attacks?

zzcms 2018 template_user.php ml/title code injection

August 26, 2021 No Comments

A vulnerability was found in zzcms 2018 (Content Management System) and classified as critical. This issue affects an unknown function

ZyXEL VPN2S 1.12 Web Server path traversal

September 29, 2021 No Comments

A vulnerability classified as problematic was found in ZyXEL VPN2S 1.12. Affected by this vulnerability is an unknown part of

Zyxel VPN2S 1.12 CGI Program os command injection

September 29, 2021 No Comments

A vulnerability has been found in Zyxel VPN2S 1.12 and classified as critical. This vulnerability affects some unknown processing of

Zyxel USG/USG Flex/Zywall/ATP/VPN up to 4.64 Web-based Management Interface improper authentication

July 2, 2021 No Comments

A vulnerability was found in Zyxel USG, USG Flex, Zywall, ATP and VPN up to 4.64 (Firewall Software). It has

ZyXEL GS1900-8 2.60 LLDP Packet cross site scripting

July 26, 2021 No Comments

A vulnerability was found in ZyXEL GS1900-8 2.60. It has been classified as problematic. This affects an unknown code of

Zynamics BinDiff up to 6 i64 File use after free

June 30, 2021 No Comments

A vulnerability, which was classified as critical, has been found in Zynamics BinDiff up to 6. This issue affects an

CVE-2024-31869 : APACHE AIRFLOW UP TO 2.8.4 CONFIGURATION UI PAGE INFORMATION DISCLOSURE

April 18, 2024 No Comments

Description Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via

CVE-2024-24856 : LINUX KERNEL UP TO 6.8 ACPI_ALLOCATE_ZEROED NULL POINTER DEREFERENCE

April 17, 2024 No Comments

Description The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a successful allocation, but the subsequent code directly dereferences the pointer

CVE-2024-2912 : BENTOML FRAMEWORK UP TO 1.2.4 POST REQUEST INSECURE DEFAULT INITIALIZATION OF RESOURCE

April 16, 2024 No Comments

Description An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted