5914 matches found
CVE-2014-2335
Multiple cross-site scripting XSS vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336...
CVE-2014-2336
Fortinet FortiManager/ FortiAnalyzer are affected by multiple XSS vulnerabilities in their Web UI prior to version 5.0.7. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This set corresponds to CVE-2014-2334, CVE-2014-2335, and CVE-2014-2336. Expl...
CVE-2014-2335
Fortinet FortiManager/FortiAnalyzer < 5.0.7 are affected by multiple XSS vulnerabilities in the Web UI (CVE-2014-2334/2335/2336). The issues arise from improper input validation/sanitization in the web interface, allowing an attacker to inject arbitrary script/HTML via unspecified vectors. FG-...
CVE-2014-2334
Multiple cross-site scripting XSS vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336...
Multiple XSS vulnerabilities in FortiManager and FortiAnalyzer Web UI
...
Fortinet FortiOS < 4.3.16 / 5.x < 5.0.8 Multiple Vulnerabilities (FG-IR-14-006)
The remote host is running FortiOS prior to 4.3.16 or 5.x prior to 5.0.8. It is, therefore, affected by the following vulnerabilities : - A flaw exists within the FortiManager service when handling incoming requests. Using a specially crafted request, a remote attacker can exploit this to cause a...
CVE-2014-0351
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the...
Design/Logic Flaw
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the...
CVE-2014-0351
Fortinet FortiOS versions affected: FortiOS before 4.3.16 and 5.x before 5.0.8. The FortiManager service allows anonymous cipher suites, enabling a man‑in‑the‑middle to read or tamper traffic. According to FG-IR-14-006, this vulnerability (CVE-2014-0351) can also impact FortiManager communication...
CVE-2014-2216
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted request...
Cross site request forgery (csrf)
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted request...
CVE-2014-2216
The CVE-2014-2216 vulnerability affects Fortinet FortiOS FortiGate devices where the FortiManager protocol service (on FortiOS versions prior to 4.3.16 and prior to 5.0.8 in the 5.0 branch) can be triggered by a crafted request, enabling remote attackers to cause a denial of service and possibly ...
CVE-2014-2216
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted request...
Fortinet FortiWeb 5.x < 5.2.1 Multiple XSS Vulnerabilities
The remote host is running FortiWeb 5.x prior to 5.2.1. It is, therefore, affected by multiple cross-site scripting XSS vulnerabilities in the web management interface URLs '/user/ldapuser/checkdlg' and '/user/radiususer/checkdlg' due to insufficient parameter input validation. Under specific...
Fortinet FortiClient OpenSSL Security Bypass
FortiClient, a client-based software solution intended to provide security features for enterprise computers and mobile devices, is installed on the remote Windows host. The installed FortiClient version uses a vulnerable OpenSSL library that contains a flaw with the handshake process. The flaw...
Fortinet OpenSSL Multiple Vulnerabilities
The firmware of the remote Fortinet host is running a version of OpenSSL that is affected by one or more of the following vulnerabilities : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issu...
FortiWeb Cross-Site Scripting Vulnerabilities
...
Fortinet FortiMail 400 IBE Multiple Vulnerabilities
No description provided by source...
BitComet 0.60 Torrent File Handling Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16311/info BitComet is prone to a buffer-overflow vulnerability. This issue presents itself when the application attempts to process a malformed '.torrent' file. Exploitation of this issue could allow attacker-supplied...
Fortinet FortiGate 2.x/3.0 URL Filtering Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16599/info Fortinet FortiGate is prone to a vulnerability that could allow users to bypass the device's URL filtering. FortiGate devices running FortiOS v2.8MR10 and v3beta are vulnerable to this issue. Other versions may...