Fortinet FortiOS Path Traversal Vulnerability (CVE-2022-41328)

Fortinet has recently issued advisories and warnings regarding several vulnerabilities in its products, including FortiOS, FortiProxy, and FortiSwitchManager. One of the most critical vulnerabilities is a path traversal vulnerability in FortiOS (CVE-2022-41328). A privileged attacker may read and write arbitrary files via crafted CLI commands. Threat groups have been using zero-day exploits to abuse the …

Apache fixes the HTTP Path Traversal Vulnerability (CVE-2021-41773)

Apache Software Foundation has published HTTP Web Server version 2.4.50 to fix the CVE-2021-41773 vulnerability in Apache Server version 2.4.49. This is a path traversal and file disclosure flaw that could allow attackers to gain access to sensitive data, and according to the report, is being actively exploited. The Apache HTTP Server is a cross-platform, …

SAP NetWeaver Multiple Security Vulnerabilities (CVE-2020-6287, CVE-2020-6286)

SAP issued a new security advisory on July 13 in their SAP Security Patch Day – July 2020 addressing ten security vulnerabilities in multiple SAP products. Among these vulnerabilities, CVE-2020-6287 is a critical vulnerability with a CVSSv3 base score of 10/10. The remaining vulnerabilities are of High and Medium severity. Description: SAP identified several vulnerabilities …

Zoom path traversal into remote code execution vulnerabilities (CVE-2020-6109, CVE-2020-6110)

Update June 5, 2020: Qualys’ standard procedure is to give proper credit to the security research teams working diligently to discover and report vulnerabilities. In our rush to deliver this article to customers, we missed giving credit to the talented Cisco Talos team, who are the original authors of this research. After additional review with a …

Grandnode Path Traversal Arbitrary file download vulnerability

Summary: A path traversal vulnerability has been reported in Grandnode. The Index action method in LetsEncryptController.cs is the vulnerable component, via which the server accesses the token validation URL without authentication. Description: Grandnode is an open-source eCommerce solution powered by .NET Core 2.2, supporting Windows, Linux and Mac operating systems. The LetsEncryptController.cs method is used in …