CVE-2023-36639

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows...

Format string

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows...

Double free

A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request...

Cross site scripting

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.4 allows attacker to execute unauthorized cod...

Command injection

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters...

Cross site scripting

An improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 allows attacker to execute unauthorized code or commands via craft...

CVE-2023-41678

A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request...

CVE-2023-41678

CVE-2023-41678 centers on a double-free in Fortinet FortiOS (7.0.0–7.0.5) and FortiPAM (1.0.0–1.0.3, 1.1.0–1.1.1) that allows an attacker to execute arbitrary code or commands via a specially crafted request. Affected components include FortiOS’s HTTPSd daemon and FortiPAM. The exploitation impac...

CVE-2023-36639

CVE-2023-36639 describes a vulnerability where an externally-controlled format string could allow remote code execution in Fortinet FortiProxy, FortiOS, and FortiPAM. Affected are FortiProxy 7.2.0–7.2.4, 7.0.0–7.0.10; FortiOS 7.4.0, 7.2.0–7.2.4, 7.0.0–7.0.11, 6.4.0–6.4.12, 6.2.0–6.2.15, 6.0.0–6.0...

CVE-2023-36639

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows...

CVE-2023-41844

A improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0.4 and above...

CVE-2023-45587

An improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions allows attacker to execute...

CVE-2023-45587

An improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions allows attacker to execute...

CVE-2023-48782

Fortinet FortiWLM vulnerability CVE-2023-48782: OS command injection in FortiWLM 8.6.0–8.6.5 allows remote execution through specially crafted HTTP GET parameters. Reported impact includes unauthorized command execution; Fortinet lists a fix in 8.6.6+ (per the linked advisories).

Fortinet FortiSandbox Cross-Site Scripting Vulnerability

Fortinet FortiSandbox is an APT Advanced Persistent Threat protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. A cross-site scripting vulnerability exists in Fortinet FortiSandbox that stem...

Fortinet FortiSandbox Cross-Site Scripting Vulnerability

Fortinet FortiSandbox is an APT Advanced Persistent Threat protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. A cross-site scripting vulnerability exists in Fortinet FortiSandbox that stem...

Fortinet FortiOS Resource Management Error Vulnerability

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and antispam security features. Fortinet FortiOS, FortiPAM A resource...

Adobe ColdFusion Vulnerability Leads to Federal Agency Breach

Summary: Unidentified threat actors exploit Adobe ColdFusion vulnerability CVE-2023-26360 on government servers, leading to potential unauthorized code execution. Incidents involve reconnaissance, data extraction attempts, and emphasize the importance of software updates. Threat Level - Red |...

CVE-2022-41678

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

CVE-2023-49313

A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive user data...