Lucene search
K

5903 matches found

CERT
CERT
added 2014/02/03 12:0 a.m.38 views

Fortinet Fortiweb 5.0.3 contains a reflected cross-site scripting vulnerability

Overview Fortinet Fortiweb 5.0.3, and possibly earlier versions, contains a cross-site scripting vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Fortinet Fortiweb 5.0.3, and possibly earlier versions, contains a cross-si...

4.3CVSS6.2AI score0.02413EPSS
Exploits1References3
CERT
CERT
added 2014/02/03 12:0 a.m.36 views

Fortinet FortiOS 5.0.5 contains a reflected cross-site scripting (XSS) vulnerability

Overview Fortinet FortiOS 5.0.5, and possibly earlier versions, contains a cross-site scripting vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Fortinet FortiOS 5.0.5, and possibly earlier versions, contains a cross-site...

4.3CVSS6.2AI score0.02413EPSS
Exploits1References3
NVD
NVD
added 2013/11/20 2:12 p.m.16 views

CVE-2013-6826

cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrftoken parameter, which allows remote attackers to perform cross-site request forgery CSRF attacks...

6.8CVSS6.7AI score0.01928EPSS
Exploits1References2
Prion
Prion
added 2013/11/20 2:12 p.m.19 views

Cross site request forgery (csrf)

cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrftoken parameter, which allows remote attackers to perform cross-site request forgery CSRF attacks...

6.8CVSS7.3AI score0.01928EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2013/11/19 7:0 p.m.55 views

CVE-2013-6826

Fortinet FortiAnalyzer (pre-5.0.5) is affected by CVE-2013-6826 due to improper validation of the csrf_token parameter, enabling cross-site request forgery via multiple web UI scripts. The underlying issue is lack of CSRF protection in SYSAdminUserDialog paths, leading to potential session hijack...

6.8CVSS7AI score0.01928EPSS
Exploits1References2Affected Software7
Exploit DB
Exploit DB
added 2013/10/12 12:0 a.m.37 views

Fortinet FortiAnalyzer - Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/63663/info FortiAnalyzer is prone to a cross-site request-forgery vulnerability because it fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized administrative actions in the context of...

7.4AI score
Exploits0
NVD
NVD
added 2013/07/08 5:55 p.m.21 views

CVE-2013-1414

Multiple cross-site request forgery CSRF vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify 1 settings or 2 policies, or 3 restart the device via a...

5.1CVSS7.2AI score0.02286EPSS
Exploits6References1
Prion
Prion
added 2013/07/08 5:55 p.m.24 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify 1 settings or 2 policies, or 3 restart the device via a...

5.1CVSS7.7AI score0.02286EPSS
Exploits6References1Affected Software1
CVE
CVE
added 2013/07/08 5:0 p.m.118 views

CVE-2013-1414

CVE-2013-1414 applies to Fortinet FortiOS on FortiGate devices. The issue is multiple CSRF vulnerabilities in the web UI that allow an attacker to hijack an administrator’s authenticated session and perform actions such as modifying settings, changing firewall policies, or reboot/shutdown command...

5.1CVSS7.2AI score0.02286EPSS
Exploits6References1Affected Software30
0day.today
0day.today
added 2013/07/01 12:0 a.m.67 views

Fortigate Firewalls - CSRF Vulnerability

Exploit for hardware platform in category web applications Vulnerability ID: CVE-2013-1414 Vulnerability Type: CSRF Cross-Site Request Forgery Product: All Fortigate Firewalls Vendor: Fortinet http://www.fortinet.com Vulnerable Version:...

5.1CVSS6.5AI score0.02286EPSS
Exploits6
Exploit DB
Exploit DB
added 2013/07/01 12:0 a.m.53 views

Fortigate Firewalls - Cross-Site Request Forgery

Vulnerability ID: CVE-2013-1414 Vulnerability Type: CSRF Cross-Site Request Forgery Product: All Fortigate Firewalls Vendor: Fortinet http://www.fortinet.com Vulnerable Version: i...

5.1CVSS6.5AI score0.02286EPSS
Exploits6
Packet Storm
Packet Storm
added 2013/06/28 12:0 a.m.70 views

Fortigate Firewall Cross Site Request Forgery

Vulnerability ID: CVE-2013-1414 Vulnerability Type: CSRF Cross-Site Request Forgery Product: All Fortigate Firewalls Vendor: Fortinet http://www.fortinet.com Vulnerable Version: input type="submit" name="add" value="reb...

5.1CVSS0.5AI score0.02286EPSS
Exploits6
NVD
NVD
added 2013/06/25 2:38 p.m.22 views

CVE-2013-4604

Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role...

6.5CVSS6.5AI score0.01078EPSS
Exploits0References1
Prion
Prion
added 2013/06/25 2:38 p.m.22 views

Design/Logic Flaw

Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role...

6.5CVSS7AI score0.01078EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2013/06/25 2:0 p.m.58 views

CVE-2013-4604

Fortinet FortiOS prior to 5.0.3 on FortiGate devices is affected by CVE-2013-4604 due to improper restriction of the Guest user capabilities. This allows remote authenticated users with the Guest role to read, modify, or delete records of arbitrary users. The issue stems from insufficient access ...

6.5CVSS6.7AI score0.01078EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2013/06/25 2:0 p.m.29 views

CVE-2013-4604

Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role...

6.5AI score0.01078EPSS
Exploits0References1
Fortinet
Fortinet
added 2013/06/13 12:0 a.m.31 views

Improper Guest User Permission Management Issue in FortiGate

...

6.5CVSS1.8AI score0.01078EPSS
Exploits0
Fortinet
Fortinet
added 2013/05/13 12:0 a.m.21 views

Potential Man-In-The Middle Vulnerability in FortiClient VPN

...

6.9AI score
Exploits0
Prion
Prion
added 2013/02/04 7:55 p.m.14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption IBE appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via 1 the Add field for the Black List under Antispam...

4.3CVSS6.1AI score0.02015EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2013/02/04 7:0 p.m.27 views

CVE-2013-1471

Multiple cross-site scripting XSS vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption IBE appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via 1 the Add field for the Black List under Antispam...

5.8AI score0.02015EPSS
Exploits1References3
Rows per page
Query Builder