5918 matches found
FortiWeb Cross-Site Scripting Vulnerabilities
...
Fortinet FortiMail 400 IBE Multiple Vulnerabilities
No description provided by source...
BitComet 0.60 Torrent File Handling Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16311/info BitComet is prone to a buffer-overflow vulnerability. This issue presents itself when the application attempts to process a malformed '.torrent' file. Exploitation of this issue could allow attacker-supplied...
Fortinet FortiGate 2.x/3.0 URL Filtering Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16599/info Fortinet FortiGate is prone to a vulnerability that could allow users to bypass the device's URL filtering. FortiGate devices running FortiOS v2.8MR10 and v3beta are vulnerable to this issue. Other versions may...
Fortinet FortiWeb Web Application Firewall Policy Bypass
No description provided by source. BINAR10 Report on Fortinet Fortiweb Findings 02/05/2012 - Fortinet FortiWeb Web Application Firewall Policy Bypass - ============================================================ 1 Affected Product Fabricant: Fortinet Product name: FortiWeb Version: Latest update...
Fortinet Fortigate CRLF Characters URL Filtering Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27276/info Fortinet Fortigate is prone to a vulnerability that can allow attackers to bypass the device's URL filtering. An attacker can exploit this issue to view unauthorized websites, bypassing certain security...
Fortinet FortiWeb < 5.2.0 Multiple XSRF Vulnerabilities
The remote host running FortiWeb prior to 5.2.0. It is, therefore, affected by multiple cross-site request forgery XSRF vulnerabilities in the web UI due to a lack of XSRF token protection. A remote, unauthenticated attacker could potentially exploit this vulnerability to perform administrative...
CVE-2014-3115
Multiple cross-site request forgery CSRF vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors...
CVE-2014-3115
Multiple cross-site request forgery CSRF vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors...
CVE-2014-3115
Fortinet FortiWeb
Fortinet Fortiweb 5.1 contains a cross-site request forgery vulnerability
Overview Fortinet Fortiweb prior to version 5.2.0 do not sufficiently verify whether a valid request was intentionally provided by the user, which results in a cross-site request forgery CSRF vulnerability. CWE-352 Description CWE-352: Cross-Site Request Forgery CSRF Fortinet Fortiweb prior to...
Fortinet Device Detection
Binary data fortinetversion.nbin...
Fortinet FortiOS 5.x < 5.0.3 Security Bypass
The remote host is running FortiOS 5.x prior to 5.0.3. It is, therefore, affected by a security bypass vulnerability due to a failure to properly manage the Guest user permission. An attacker could potentially exploit this vulnerability to view, change, or delete records of users from another...
Fortinet FortiOS User Interface Default Credentials
The remote Fortinet FortiOS user interface uses a known set of default credentials. Knowing these, an attacker with access to the service can gain administrative access to the device. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
Fortinet FortiMail < 4.3.4 / 5.0.0 Multiple XSS
The remote host is running FortiMail prior to 4.3.4 / 5.0.0. It is, therefore, affected by multiple cross-site scripting vulnerabilities due to a failure to sanitize user-supplied input in the web UI. Specifically, flaws exist in the 'ipmask', 'username', 'address', and 'url' parameters of the...
Fortinet FortiOS < 4.3.13 / 5.0.3 Multiple XSRF
The remote host is running FortiOS prior to 4.3.13 / 5.0.3. It is, therefore, affected by multiple cross-site request forgery vulnerabilities in web UI pages because they are not protected by XSRF tokens. An attacker could potentially exploit this vulnerability to hijack an authenticated user's...
Fortinet FortiAnalyzer < 4.3.7 / 5.0.5 Multiple XSRF
The remote host is running FortiAnalyzer prior to 4.3.7 / 5.0.5. It is, therefore, affected by multiple cross-site request forgery vulnerabilities due to a failure to validate XSRF tokens in several web UI scripts. An attacker could potentially exploit this vulnerability to hijack an authenticate...
Fortinet FortiOS 5.x < 5.0.6 XSS
The remote host is running FortiOS prior to 5.0.6. It is, therefore, affected by a cross-site scripting vulnerability due to a failure to sanitize user-supplied input to the 'mkey' parameter in the '/firewall/schedule/recurrdlg' URL of the web UI. An attacker could potentially exploit this...
Unsupported Fortinet Hardware and Operating System
According to its version, the remote Fortinet hardware or operating system is obsolete and is no longer being maintained or supported by Fortinet. Lack of support for the hardware implies that future hardware will not be supported in fixes, replacements and that current and future operating syste...
Fortinet FortiWeb 5.x < 5.1.0 XSS
The remote host is running FortiWeb 5.x prior to 5.1.0. It is, therefore, affected by a cross-site scripting vulnerability in the web UI due to a failure to sanitize user-supplied input to the 'filter' parameter in the '/user/ldapuser/add' script. An attacker could potentially exploit this...