FortiManager and FortiAnalyzer Client Side XSS vulnerability
A client-side XSS vulnerability in FortiManager/FortiAnalyzer could allow a malicious script to be injected into the Web UI, potentially enabling XSS attacks.
FortiManager and FortiAnalyzer XSS vulnerability
A vulnerability in the FortiManager/FortiAnalyzer address-add page could allow a malicious script to be injected through an input field, potentially enabling XSS attacks.
FortiManager and FortiAnalyzer Persistent XSS vulnerability
An XSS vulnerability in FortiManager/FortiAnalyzer could allow privileged guest user accounts and restricted user accounts to inject malicious script into the application side or client side of the...
FortiVoice 5.0 Filter Bypass & Persistent Web Vulnerabilities
A vulnerability in the FortiVoice 5.0 web application could allow a malicious script to be injected into the affected module, potentially enabling XSS attacks.
FortiCloud Cross Site Script Persistent Web Vulnerabilities
The FortiCloud online service before May 3, 2016 was exposed to cross-site scripting web vulnerabilities, which could allow a malicious script to be injected into the affected module; this potentially enables...
Cookie Parser Buffer Overflow Vulnerability
FortiGate firmware (FortiOS) released before Aug 2012 has a cookie parser buffer overflow vulnerability. When exploited via a crafted HTTP request, this vulnerability can result in execution control...
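The bug class named in this entry, shown as an added illustration that is not FortiOS code and not taken from the advisory: a cookie parser that copies an attacker-controlled header into fixed-size buffers with no length check, beside a bounded version that rejects over-long input instead of overflowing. The struct layout, buffer sizes, function names and sample headers are assumptions made for the example.

```c
/* Added illustration of the cookie-parser buffer-overflow bug class.
 * This is NOT FortiOS code: the struct layout, buffer sizes and function
 * names are assumptions made for the example. */
#include <stdio.h>
#include <string.h>

#define NAME_MAX  32
#define VALUE_MAX 64

struct cookie {
    char name[NAME_MAX];
    char value[VALUE_MAX];
};

/* Vulnerable pattern: the attacker-controlled header is copied into
 * fixed-size buffers without comparing its length to the destination,
 * so a value longer than VALUE_MAX-1 bytes writes past c->value and
 * corrupts whatever follows the struct (stack frame or heap chunk).
 * Kept only for contrast; nothing below calls it with oversized input. */
static void parse_cookie_unsafe(const char *hdr, struct cookie *c)
{
    const char *eq = strchr(hdr, '=');
    if (!eq) { c->name[0] = c->value[0] = '\0'; return; }
    memcpy(c->name, hdr, (size_t)(eq - hdr));   /* no bound on name */
    c->name[eq - hdr] = '\0';
    strcpy(c->value, eq + 1);                   /* no bound on value */
}

/* Hardened form: both copies are bounded by the destination size, an
 * over-long name or value is rejected rather than silently truncated,
 * and the value ends at ';' so a header carrying several cookies parses
 * one at a time. Returns 0 on success or -1 on malformed/over-long input;
 * on success *rest points just past the parsed cookie. */
static int parse_cookie_safe(const char *hdr, struct cookie *c, const char **rest)
{
    while (*hdr == ' ' || *hdr == '\t') hdr++;            /* skip OWS */
    const char *eq = strchr(hdr, '=');
    if (!eq || eq == hdr) return -1;                      /* no '=' or empty name */
    size_t nlen = (size_t)(eq - hdr);
    if (nlen >= NAME_MAX || memchr(hdr, ';', nlen)) return -1;
    const char *vstart = eq + 1;
    const char *vend = strchr(vstart, ';');
    size_t vlen = vend ? (size_t)(vend - vstart) : strlen(vstart);
    if (vlen >= VALUE_MAX) return -1;                     /* the check the unsafe version lacks */
    memcpy(c->name, hdr, nlen);     c->name[nlen] = '\0';
    memcpy(c->value, vstart, vlen); c->value[vlen] = '\0';
    if (rest) *rest = vend ? vend + 1 : vstart + vlen;
    return 0;
}

/* Parse a whole "Cookie:" header value into out[0..max). Returns the number
 * of cookies parsed, or -1 if any cookie is malformed, over-long, or there
 * are more than max of them. */
static int parse_cookie_header(const char *hdr, struct cookie *out, int max)
{
    int n = 0;
    const char *p = hdr;
    while (*p) {
        if (n == max) return -1;
        if (parse_cookie_safe(p, &out[n], &p) != 0) return -1;
        n++;
        while (*p == ' ' || *p == '\t') p++;               /* trailing "; " before end */
    }
    return n;
}

int main(void)
{
    struct cookie cs[4];
    char big[200], hdr[256];

    /* Constructed sample inputs: a normal header and one with a 199-byte value. */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    snprintf(hdr, sizeof hdr, "SID=%s", big);

    parse_cookie_unsafe("SID=abc", &cs[0]);   /* looks fine on benign input */
    printf("unsafe parser on benign input: name=%s value=%s\n", cs[0].name, cs[0].value);

    printf("safe parser, two cookies: %d\n", parse_cookie_header("SID=abc; lang=en", cs, 4));
    printf("safe parser, 199-byte value: %d (rejected)\n", parse_cookie_header(hdr, cs, 4));
    return 0;
}
```

The point of the contrast is that the unsafe parser behaves identically on every benign request, so the defect only shows up under a crafted header; the fix is to reject anything that does not fit the destination before copying, not to enlarge the buffers.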
FortiWAN Multiple Vulnerabilities
FortiWAN 4.2.4 and below is exposed to cross-site scripting, information leak and escalation of privilege vulnerabilities.
CVE-2016-4965: A non-administrative authenticated user having access privileges...
FortiClient Unencrypted Password Vulnerability
One of the FortiClient processes stores VPN credentials unencrypted in memory. An attacker who has compromised the workstation could dump the credentials from that process's memory.
FortiClient DLL Hijacking vulnerability
When executed, the FortiClient installer (FortiClientOnlineInstaller.exe), if downloaded before August 11th, 2016 (build 0842), would attempt to load DLLs from the directory where it resides. This is the classic DLL hijacking condition: a DLL planted under an expected name in that directory (typically the user's Downloads folder) would be loaded and run by the installer.
OpenSSL Advisory - May 2016
OpenSSL released an update in May 2016 to address two high and four low severity vulnerabilities.
FortiDDoS Command Injection Vulnerability Announcement
A vulnerability in FortiDDoS allows escalation of privilege via remote OS command injection through crafted URLs sent to the GUI. The attacker must be logged in for an exploit to work.
FortiWLC Undocumented Hardcoded Rsync Account
FortiWLC runs an rsyncd server, historically used for High Availability purposes. This server comes with a hardcoded account that has read/write privileges over various parts of the system.