Search Results (1126 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-8618 1 Fortinet 6 Fortiadc-1500d, Fortiadc-2000d, Fortiadc-200d and 3 more 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-3115 1 Fortinet 1 Fortiweb 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors.
CVE-2014-0351 1 Fortinet 1 Fortios 2025-04-12 N/A
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the client-server data stream.
CVE-2015-3620 1 Fortinet 2 Fortianalyzer Firmware, Fortimanager Firmware 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-1957 1 Fortinet 1 Fortiweb 2025-04-12 N/A
FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.
CVE-2014-1955 1 Fortinet 1 Fortiweb 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-4066 1 Fortinet 1 Fortiweb 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb before 5.5.3 allows remote attackers to hijack the authentication of administrators for requests that change the password via unspecified vectors.
CVE-2015-1453 1 Fortinet 1 Forticlient 2025-04-12 N/A
The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences.
CVE-2015-5735 1 Fortinet 1 Forticlient 2025-04-12 N/A
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call.
CVE-2013-6990 1 Fortinet 1 Fortiauthenticator 2025-04-12 N/A
FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface.
CVE-2016-3196 1 Fortinet 2 Fortianalyzer Firmware, Fortimanager Firmware 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.
CVE-2016-3195 1 Fortinet 2 Fortianalyzer Firmware, Fortimanager Firmware 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-3194 1 Fortinet 2 Fortianalyzer Firmware, Fortimanager Firmware 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-3193 1 Fortinet 2 Fortianalyzer Firmware, Fortimanager Firmware 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-7560 1 Fortinet 1 Fortiwlc 2025-04-12 N/A
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors.
CVE-2014-8617 1 Fortinet 1 Fortimail 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/releasecontrol.
CVE-2016-5092 1 Fortinet 1 Fortiweb 2025-04-12 N/A
Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn feature.
CVE-2015-2323 1 Fortinet 1 Fortios 2025-04-12 N/A
FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets.
CVE-2014-8616 1 Fortinet 1 Fortios 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus.
CVE-2015-5736 1 Fortinet 1 Forticlient 2025-04-12 N/A
The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.