Lucene search
K

191 matches found

Positive Technologies
Positive Technologies
added 2023/04/11 12:0 a.m.6 views

PT-2023-7378 · Fortinet · Fortiguard +2

Name of the Vulnerable Software and Affected Versions: FortiAnalyzer and FortiManager versions 6.4.8 through 6.4.10 FortiAnalyzer and FortiManager versions 7.0.0 through 7.0.5 FortiAnalyzer and FortiManager versions 7.2.0 through 7.2.1 Description: The issue is related to an improper certificate...

8.1CVSS8AI score0.00275EPSS
Exploits0References4
Fortinet
Fortinet
added 2023/04/11 12:0 a.m.38 views

FortiAnalyzer & FortiManager - Lack of client-side certificate validation when establishing secure connections with FortiGuard to download outbreakalert

An improper certificate validation vulnerability CWE-295 in FortiAnalyzer and FortiManager may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert ressources...

5.1CVSS7.8AI score0.00275EPSS
Exploits0Affected Software2
The Hacker News
The Hacker News
added 2023/03/09 2:1 p.m.143 views

IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks

A previously known Windows-based ransomware strain known as IceFire has expanded its focus to target Linux enterprise networks belonging to several media and entertainment sector organizations across the world. The intrusions entail the exploitation of a recently disclosed deserialization...

9.8CVSS1AI score0.99968EPSS
Exploits5
The Hacker News
The Hacker News
added 2023/03/09 8:10 a.m.3 views

New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic

The infamous cryptocurrency miner group called 8220 Gang has been observed using a new crypter called ScrubCrypt to carry out cryptojacking operations. According to Fortinet FortiGuard Labs, the attack chain commences with the successful exploitation of susceptible Oracle WebLogic servers to...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/02/28 1:59 p.m.34 views

Bitdefender Releases Free Decryptor for MortalKombat Ransomware Strain

Romanian cybersecurity company Bitdefender has released a free decryptor for a new ransomware strain known as MortalKombat. MortalKombat is a new ransomware strain that emerged in January 2023. It's based on commodity ransomware dubbed Xorist and has been observed in attacks targeting entities in...

1.3AI score
Exploits0
Saint
Saint
added 2023/02/24 12:0 a.m.183 views

FortiNAC keyUpload.jsp command execution

Added: 02/24/2023 Background FortiNAC is a network access control solution. Problem A vulnerability in the keyUpload.jsp resource allows remote attackers to write arbitrary files by uploading a specially crafted zip file, leading to command execution. Resolution Upgrade to FortiNAC 7.2.0, 9.1.8,...

9.8CVSS9.9AI score0.99815EPSS
Exploits7
GithubExploit
GithubExploit
added 2023/02/23 3:10 p.m.624 views

Exploit for Stack-based Buffer Overflow in Fortinet Fortiweb

CVE-2021-42756 Multiple stack-based buffer overflow vulnerabi...

9.8CVSS10AI score0.36405EPSS
Exploits1
The Hacker News
The Hacker News
added 2022/12/16 7:10 a.m.25 views

Minecraft Servers Under Attack: Microsoft Warns About Cross-Platform DDoS Botnet

Microsoft on Thursday flagged a cross-platform botnet that's primarily designed to launch distributed denial-of-service DDoS attacks against private Minecraft servers. Called MCCrash, the botnet is characterized by a unique spreading mechanism that allows it to propagate to Linux-based devices...

1.7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/12/12 6:48 p.m.111 views

CVE-2022-42475: Critical Unauthenticated Remote Code Execution Vulnerability in FortiOS; Exploitation Reported

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. On December 12, 2022, FortiGuard Labs published advisory FG-IR-22-398 regarding a critical CVSSv3 9.3 “heap-based buffer overflow vulnerability CWE-122 in FortiOS SSL-VPN which may all...

1.4AI score0.99474EPSS
Exploits11
Packet Storm
Packet Storm
added 2022/10/19 12:0 a.m.417 views

Fortinet FortiOS / FortiProxy / FortiSwitchManager Authentication Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortinet FortiOS, FortiProxy, and FortiSwitchManager authentication bypass.', 'Description' = %q This module exploits an authentication bypass...

0.2AI score0.99984EPSS
Exploits25
Wordfence Blog
Wordfence Blog
added 2022/10/13 9:8 p.m.281 views

Threat Advisory: CVE-2022-40684 Fortinet Appliance Auth bypass

This morning, the Wordfence Threat Intelligence team began tracking exploit attempts targeting CVE-2022-40684 on our network of over 4 million protected websites. CVE-2022-40684 is a critical authentication bypass vulnerability in the administrative interface of Fortinet’s FortiGate firewalls,...

9.8AI score0.99984EPSS
Exploits25
The Hacker News
The Hacker News
added 2022/08/07 4:29 a.m.55 views

New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack

A new IoT botnet malware dubbed RapperBot has been observed rapidly evolving its capabilities since it was first discovered in mid-June 2022. "This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute...

1.5AI score
Exploits0
ThreatPost
ThreatPost
added 2022/07/18 12:19 p.m.117 views

CISA Urges Patch of Exploited Windows 11 Bug by Aug. 2

A Windows 11 vulnerability, part of Microsoft’s Patch Tuesday roundup of fixes, is being exploited in the wild, prompting the U.S. Cybersecurity and Infrastructure Security Agency CISA to advise patching of the elevation of privileges flaw by August 2. The recommendation is directed at federal...

7.8CVSS8.7AI score0.18765EPSS
Exploits0References10
0day.today
0day.today
added 2022/02/18 12:0 a.m.147 views

Fortinet Fortimail 7.0.1 - Reflected Cross-Site Scripting Vulnerability

Exploit Title: Fortinet Fortimail 7.0.1 - Reflected Cross-Site Scripting XSS Google Dork: inurl:/fmlurlsvc/ Exploit Author: Braiant Giraldo Villa Contact: @ironfortress Twitter Vendor Homepage: https://www.fortinet.com/products/email-security Software Link:...

6.1CVSS6.3AI score0.12936EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/02/18 12:0 a.m.325 views

Fortinet Fortimail 7.0.1 - Reflected Cross-Site Scripting (XSS)

Exploit Title: Fortinet Fortimail 7.0.1 - Reflected Cross-Site Scripting XSS Google Dork: inurl:/fmlurlsvc/ Date: 01-Feb-2022 Exploit Author: Braiant Giraldo Villa Contact: @ironfortress Twitter Vendor Homepage: https://www.fortinet.com/products/email-security Software Link:...

6.1CVSS6.3AI score0.12936EPSS
Exploits5
CNVD
CNVD
added 2022/02/08 12:0 a.m.19 views

Fortinet FortiMail Cross-Site Scripting Vulnerability (CNVD-2022-19073)

Fortinet FortiMail is a suite of email security gateway products from Fortinet, Inc. Fortinet FortiMail is vulnerable to a cross-site scripting vulnerability that could be exploited to execute unauthorized code or commands via a specially crafted HTTP GET request to the FortiGuard URI protection...

6.1CVSS1.3AI score0.12936EPSS
Exploits5References1
NVD
NVD
added 2022/02/02 11:15 a.m.40 views

CVE-2021-43062

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to...

6.1CVSS0.12936EPSS
Exploits5References2
OSV
OSV
added 2022/02/02 11:15 a.m.1 views

CVE-2021-43062

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to...

6.1CVSS6.5AI score0.12936EPSS
Exploits5References2
Prion
Prion
added 2022/02/02 11:15 a.m.22 views

Cross site scripting

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to...

4.3CVSS6.5AI score0.12936EPSS
Exploits5References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/02/02 11:8 a.m.13 views

CVE-2021-43062

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to...

6.1CVSS7.4AI score0.12936EPSS
Exploits5References2
Rows per page
Query Builder