Lucene search
K

5916 matches found

Prion
Prion
added 2009/04/07 11:30 p.m.14 views

Format string

Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name...

7.2CVSS7.8AI score0.00453EPSS
Exploits0References10Affected Software1
NVD
NVD
added 2009/04/07 11:30 p.m.16 views

CVE-2009-1262

Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name...

7.2CVSS7.3AI score0.00453EPSS
Exploits0References10
Cvelist
Cvelist
added 2009/04/07 11:0 p.m.21 views

CVE-2009-1262

Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name...

7.3AI score0.00453EPSS
Exploits0References10
CVE
CVE
added 2009/04/07 11:0 p.m.51 views

CVE-2009-1262

Fortinet FortiClient 3.0.614 (and possibly earlier) contains a local format-string vulnerability in the handling of VPN connection names. The flaw allows a local user to read and write arbitrary memory with SYSTEM privileges by supplying crafted format specifiers, enabling code execution under SY...

7.2CVSS7.5AI score0.00453EPSS
Exploits0References10Affected Software1
seebug.org
seebug.org
added 2009/04/04 12:0 a.m.33 views

Fortinet FortiClient VPN连接名称本地格式串漏洞

BUGTRAQ ID: 34343 FortiClient是新一代个人电脑安全防护平台,拥有防病毒、防火墙、VPN等强大的功能。 FortiClient的VPN功能中存在本地格式串漏洞。如果用户在VPN连接名称中指定了特制的格式串标识符并初始化了这个连接的话,就可以触发这个漏洞,导致以System权限级别读写任意内存。 FortiClient 3.0.614 Fortinet -------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.fortinetfirewall.com/index.php...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2009/01/16 12:0 a.m.58 views

Oracle Secure Backup NDMP_CONECT_CLIENT_AUTH Command Buffer Overflow Vulnerability

Oracle Secure Backup NDMPCONECTCLIENTAUTH Command Buffer Overflow Vulnerability 2009.January.13 Fortinet's FortiGuard Global Security Research Team Discovers Vulnerability in Oracle Secure Backup Summary: ======== A Buffer Overflow vulnerability exists Oracle Secure Backup 10.2.0.2 through a...

10CVSS0.7AI score0.60625EPSS
Exploits7
securityvulns
securityvulns
added 2009/01/16 12:0 a.m.121 views

Oracle Secure Backup Multiple Denial Of Service vulnerabilities

Oracle Secure Backup Multiple Denial Of Service vulnerabilities 2009.January.13 Fortinet's FortiGuard Global Security Research Team Discovers multiple vulnerabilities in Oracle Secure Backup Summary: ======== Multiple Denial Of Service vulnerabilities exist Oracle Secure Backup 10.2.0.2 through...

5CVSS0.6AI score0.02776EPSS
Exploits0
securityvulns
securityvulns
added 2009/01/16 12:0 a.m.84 views

Oracle Secure Backup's observiced.exe Denial Of Service vulnerability

Oracle Secure Backup's observiced.exe Denial Of Service vulnerability 2009.January.13 Fortinet's FortiGuard Global Security Research Team Discovers a vulnerability in observiced.exe of Oracle Secure Backup Summary: ======== A Denial Of Service vulnerability exists Oracle Secure Backup 10.2.0.2...

5CVSS0.7AI score0.02583EPSS
Exploits0
NVD
NVD
added 2008/12/12 6:30 p.m.26 views

CVE-2008-5531

Fortinet Antivirus 3.113.0.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header aka "EXE info" at the beginning, and modifying the filename to have 1 no extension, 2 a .txt extension, or 3 a .jpg extension, as...

9.3CVSS6.3AI score0.02951EPSS
Exploits0References4
Prion
Prion
added 2008/12/12 6:30 p.m.23 views

Design/Logic Flaw

Fortinet Antivirus 3.113.0.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header aka "EXE info" at the beginning, and modifying the filename to have 1 no extension, 2 a .txt extension, or 3 a .jpg extension, as...

9.3CVSS6.2AI score0.75946EPSS
Exploits7References4Affected Software1
CVE
CVE
added 2008/12/12 6:13 p.m.49 views

CVE-2008-5531

CVE-2008-5531 describes a family of bypasses where attackers manipulated an HTML document to defeat malware detection in IE6/IE7 by placing an MZ header (the “EXE info”) at the beginning and altering the displayed filename extension, e.g., no extension, .txt, or .jpg. The connected records indica...

9.3CVSS6.3AI score0.02951EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2008/12/12 6:13 p.m.30 views

CVE-2008-5531

Fortinet Antivirus 3.113.0.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header aka "EXE info" at the beginning, and modifying the filename to have 1 no extension, 2 a .txt extension, or 3 a .jpg extension, as...

6.3AI score0.02951EPSS
Exploits0References4
securityvulns
securityvulns
added 2008/03/24 12:0 a.m.52 views

[Full-disclosure] Adobe Flash CS3 Professional FLA File Parsing Multiple Local Code Execute Vulnerabilities

Adobe Flash CS3 Professional FLA File Parsing Multiple Local Code Execute Vulnerabilities by [email protected] http://ruder.cdut.net Summary: More than three local code execute vulnerabilities exist in Adobe Flash CS3 Professional while it is parsing FLA files. An attacker who...

6.8CVSS0.2AI score0.19684EPSS
Exploits1
Cvelist
Cvelist
added 2008/02/14 11:0 a.m.15 views

CVE-2008-0779

The fortimon.sys device driver in Fortinet FortiClient Host Security 3.0 MR5 Patch 3 and earlier does not properly initialize its DeviceExtension, which allows local users to access kernel memory and execute arbitrary code via a crafted request...

7AI score0.00405EPSS
Exploits0References9
CVE
CVE
added 2008/02/14 11:0 a.m.45 views

CVE-2008-0779

The CVE-2008-0779 entry describes a local privilege-escalation flaw in the fortimon.sys device driver of Fortinet FortiClient Host Security (versions up to 3.0 MR5 Patch 3 and earlier). The vulnerability arises from improper initialization of the Driver’s DeviceExtension, enabling a local user to...

7.2CVSS7AI score0.00405EPSS
Exploits0References9Affected Software1
securityvulns
securityvulns
added 2008/02/13 12:0 a.m.27 views

Fortinet Forticlient privilege escalation

No description provided...

2AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2008/02/13 12:0 a.m.52 views

[Reversemode Advisory] February Advisories : Microsoft Word 2003 + Fortinet Forticlient

Hi ---------------------------- 1.Microsoft Word Memory Corruption Vulnerability Microsoft Word 2003 is prone to a memory corruption vulnerability while parsing a specially crafted Word file. The vulnerability is caused by calculation errors while parsing certain fields within the barely...

3.4AI score
Exploits0
Exploit DB
Exploit DB
added 2008/01/14 12:0 a.m.34 views

Fortinet Fortigate - CRLF Characters URL Filtering Bypass

source: https://www.securityfocus.com/bid/27276/info Fortinet Fortigate is prone to a vulnerability that can allow attackers to bypass the device's URL filtering. An attacker can exploit this issue to view unauthorized websites, bypassing certain security restrictions. This may lead to other...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2008/01/14 12:0 a.m.21 views

Fortinet Fortigate - CRLF Characters URL Filtering Bypass

Fortinet Fortigate - CRLF Characters URL Filtering Bypass source: https://www.securityfocus.com/bid/27276/info Fortinet Fortigate is prone to a vulnerability that can allow attackers to bypass the device's URL filtering. An attacker can exploit this issue to view unauthorized websites, bypassing...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2008/01/05 12:0 a.m.34 views

urlevasion.txt

I dont know if its new but i code it during a PentTest and i would like to share it with you. It is based on code developed By sinhack research labs: http://sinhack.net/URLFilteringEvasion/sakeru.tx Description: "Fortinet's URL blocking functionality can be bypassed by specially-crafted HTTP...

7.4AI score
Exploits0
Rows per page
Query Builder