CVE-2024-23108: Fortinet FortiSIEM Unauthenticated 2nd Order Command Injection

Description: FortiSIEM versions 7.0, 7.1 and 6.7 Legacy are affected by a Remote Code Execution (RCE) vulnerability that allows an unauthenticated attacker to run arbitrary commands as root. The attack is executed by sending a specially crafted HTTPS payload that causes the phoenix FortiSIEM service to run the arbitrary command using os.system() as root. Payload: <TEST_STORAGE type="nfs"> <server_ip>127.0.0.1</server_ip>…

CVE-2024-21413 Moniker Link

Introduction: Protected Mode in Outlook functions by isolating potentially harmful email attachments and links within a secure environment. When enabled, this mode restricts the ability of external content, such as attachments or links, to interact with your computer system directly. Instead, such content is opened in a protected environment…