21 matches found
EUVD-2019-6642
Malware in sbrugna...
EUVD-2021-12924
Malware in sbrugna...
EUVD-2025-6592
Malicious code in bioql PyPI...
CVE-2013-5551
Cisco Adaptive Security Appliance (ASA) Software, when certain same-security-traffic and management-access options are enabled, allows remote authenticated users to cause a denial of service (stack overflow and device reload) by using the clientless SSL VPN portal for internal-resource browsing, aka...
CVE-2019-15706
An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy version 2.0.0, version 1.2.9 and below and FortiOS version 6.2.1 and below, version 6.0.8 and below, version 5.6.12 may allow a remote authenticated attacker to perform a stored cross site scripting...
Fortinet Fortigate Access to NULL pointer in SSL VPN portal (FG-IR-22-086)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-086 advisory. - An access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 throug...
Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits - Act Now
Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). "The two issues are fundamentally the same but exploitable at differen...
The vulnerability of the SSL-VPN portal for FortiOS operating systems and the FortiProxy proxy server, which allows attackers to execute arbitrary code.
The vulnerability of the SSL-VPN portal for FortiOS operating systems and the FortiProxy proxy server used for protecting against internet attacks is related to the possibility of buffer overflow attacks. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending...
CVE-2022-45861
An access of uninitialized pointer vulnerability (CWE-824) in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated...
Design/Logic Flaw
An access of uninitialized pointer vulnerability (CWE-824) in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated...
PT-2023-1862 · Fortinet · Fortiproxy +1
Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.4.11 and earlier, 7.0.0 through 7.0.9, 7.2.0 through 7.2.3; FortiProxy versions 2.0.11 and earlier, 7.0.0 through 7.0.7, 7.2.0 through 7.2.1. Description: The issue is related to an access of uninitialized pointer vulnerabili...
PT-2022-5766 · Fortinet · Fortiproxy +1
Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.0.x, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 through 7.0.5, 7.2.0; FortiProxy versions 1.2.x, 2.0.0 through 2.0.9, 7.0.0 through 7.0.4. Description: The issue is related to an access of uninitialized pointer in the S...
Protect
An access of uninitialized pointer vulnerability (CWE-824) in the SSL VPN portal of FortiOS & FortiProxy may allow a remote unauthenticated or authenticated (see Affected Products section) attacker to crash the sslvpn daemon via an HTTP GET request...
CVE-2021-26092
Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to...
The vulnerability of the SSL-VPN portal for FortiOS operating systems allows attackers to perform cross-site scripting attacks.
The vulnerability of the SSL-VPN portal for FortiOS operating systems exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
Vulnerability fixed in FortiGate SSL VPN Portal
FortiGuard has fixed a vulnerability in the FortiGate SSL VPN portal. An unauthenticated remote malicious party could potentially exploit the vulnerability to perform a Cross-Site Scripting (XSS) attack. Such an attack could lead to the execution of arbitrary script code in the...
Vulnerability fixed in FortiOS
Fortinet has fixed a vulnerability in FortiOS. The vulnerability allows a malicious party to perform a Cross-Site Scripting (XSS) attack. The vulnerability arises from incorrect input validation when generating a Web page in the SSL VPN portal. Fortinet has released updates to fix the vulnerability...
CVE-2019-15705
An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request...
Fortinet FortiOS < 6.0.7 / 6.2.x < 6.2.2 Multiple Vulnerabilities (FG-IR-19-184, FG-IR-19-236)
The remote host is running a version of FortiOS prior to 6.0.7 or 6.2.x prior to 6.2.2. It is, therefore, affected by multiple vulnerabilities: - A Cross-site Scripting (XSS) vulnerability in the FortiGate DHCP monitor page allows an unauthenticated attacker in the same network as the FortiGate t...
Cross site scripting
A vulnerability in the Web Server Authentication Required screen of the Clientless Secure Sockets Layer (SSL) VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of that portal on an...