CVE-2013-7182
Fortinet FortiOS FortiGate is affected by CVE-2013-7182 (XSS) in the web UI path /firewall/schedule/recurrdlg, via the mkey parameter. Affected versions are FortiOS 5.0.5 (and prior to 5.0.6 per advisory sources) with a vulnerability that allows remote attackers to inject arbitrary script/HTML in...
CVE-2013-7182
Cross-site scripting (XSS) vulnerability in firewall/schedule/recurrdlg in Fortinet FortiOS 5.0.5 allows remote attackers to inject arbitrary web script or HTML via the mkey parameter...
FortiOS 5.0.5 Cross Site Scripting
I. VULNERABILITY ------------------------- Reflected XSS Attacks vulnerabilities in FortiOS 5.0.5 II. BACKGROUND ------------------------- Fortinet's industry-leading, Network Security Platforms deliver Next Generation Firewall (NGFW) security with exceptional throughput, ultra low latency, and...
Fortinet FortiOS 5.0.5 contains a reflected cross-site scripting (XSS) vulnerability
Overview: Fortinet FortiOS 5.0.5, and possibly earlier versions, contains a cross-site scripting vulnerability (CWE-79). Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Fortinet FortiOS 5.0.5, and possibly earlier versions, contains a cross-site...
Fortigate FortiOS Compliance Checks
Binary data fortigatecompliancecheck.nbin...
CVE-2013-1414
Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a...
CVE-2013-1414
CVE-2013-1414 applies to Fortinet FortiOS on FortiGate devices. The issue is multiple CSRF vulnerabilities in the web UI that allow an attacker to hijack an administrator’s authenticated session and perform actions such as modifying settings, changing firewall policies, or reboot/shutdown command...
CVE-2013-4604
Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role...
Design/Logic Flaw
Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role...
CVE-2013-4604
Fortinet FortiOS prior to 5.0.3 on FortiGate devices is affected by CVE-2013-4604 due to improper restriction of the Guest user capabilities. This allows remote authenticated users with the Guest role to read, modify, or delete records of arbitrary users. The issue stems from insufficient access ...
CVE-2013-4604
Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role...
Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities
Title: ====== Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities Date: ===== 2012-09-06 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=557 VL-ID: ===== 557 Common Vulnerability Scoring System: ==================================== 5 Introduction: ============= T...
Fortigate UTM WAF Appliance - Multiple Vulnerabilities
Title: ====== Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities Date: ===== 2012-09-06 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=557 VL-ID: ===== 557 Common Vulnerability Scoring System: ==================================== 5 Introduction: ============= T...
CVE-2006-3222
The FTP proxy module in Fortinet FortiOS FortiGate before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode...
CVE-2006-3222
The FTP proxy module in Fortinet FortiOS FortiGate before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode...
CVE-2006-3222
The vulnerability CVE-2006-3222 affects Fortinet FortiOS FortiGate devices where the FTP proxy module (before 2.80 MR12 and 3.0 MR2) can bypass antivirus scanning by abusing Enhanced Passive (EPSV) FTP mode. Affected product: FortiGate/FortiOS FTP proxy. Root cause: FTP proxy mishandles EPSV in a...
CVE-2005-3058
Fortinet FortiGate/FortiOS 2.8MR10 and FortiGate v3beta expose a vulnerability where remote attackers can bypass the URL blocker by using HTTP requests terminated with a line feed (LF) instead of CRLF or by requests without a Host header. This interpretation conflict in parsing HTTP requests is t...
Fortinet Fortigate 2.x/3.0 - URL Filtering Bypass
source: https://www.securityfocus.com/bid/16599/info Fortinet FortiGate is prone to a vulnerability that could allow users to bypass the device's URL filtering. FortiGate devices running FortiOS v2.8MR10 and v3beta are vulnerable to this issue. Other versions may also be affected. httpreq.pl Made...
CVE-2005-3057
The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP...