ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php. Date published : 2020-09-24 https://ismartgate.com/secure-garage-door/ https://kth.diva-portal.org/smash/get/diva2:1464458/FULLTEXT01.pdf
ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload imae files via /index.php Date published : 2020-09-24 https://ismartgate.com/secure-garage-door/ https://kth.diva-portal.org/smash/get/diva2:1464458/FULLTEXT01.pdf
ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php Date published : 2020-09-24 https://ismartgate.com/secure-garage-door/ https://kth.diva-portal.org/smash/get/diva2:1464458/FULLTEXT01.pdf
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php. Date published : 2020-09-24 https://ismartgate.com/secure-garage-door/ https://kth.diva-portal.org/smash/get/diva2:1464458/FULLTEXT01.pdf
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php. Date published : 2020-09-24 https://ismartgate.com/secure-garage-door/ https://kth.diva-portal.org/smash/get/diva2:1464458/FULLTEXT01.pdf
ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used. Date published : 2020-09-24 https://ismartgate.com/secure-garage-door/ https://kth.diva-portal.org/smash/get/diva2:1464458/FULLTEXT01.pdf
Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP. Date published : 2020-09-24 https://docs.pexip.com/admin/security_bulletins.htm https://www.pexip.com
An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed. Date published : 2020-09-24 https://fortiguard.com/advisory/FG-IR-20-033
An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors. Date published : 2020-09-24...
An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users. Date published :...
An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields. Date published : 2020-09-24 https://fortiguard.com/advisory/FG-IR-20-054
An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting...
iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.) Date published : 2020-09-24 https://ismartgate.com/secure-garage-door/...
iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php. Date published : 2020-09-24 https://ismartgate.com/secure-garage-door/ https://kth.diva-portal.org/smash/get/diva2:1464458/FULLTEXT01.pdf