Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (1126 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5736 1 Fortinet 1 Forticlient 2025-04-12 N/A
The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.
CVE-2015-7361 1 Fortinet 1 Fortios 2025-04-12 N/A
FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via unspecified vectors.
CVE-2016-3194 1 Fortinet 2 Fortianalyzer Firmware, Fortimanager Firmware 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1453 1 Fortinet 1 Forticlient 2025-04-12 N/A
The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences.
CVE-2016-4965 1 Fortinet 1 Fortiwan 2025-04-12 N/A
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.
CVE-2015-1452 1 Fortinet 1 Fortios 2025-04-12 N/A
The Control and Provisioning of Wireless Access Points (CAPWAP) daemon in Fortinet FortiOS 5.0 Patch 7 build 4457 allows remote attackers to cause a denial of service (locked CAPWAP Access Controller) via a large number of ClientHello DTLS messages.
CVE-2016-4967 1 Fortinet 1 Fortiwan 2025-04-12 N/A
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2) PCAP files via script/system/tcpdump.php.
CVE-2015-1451 1 Fortinet 1 Fortios 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join request.
CVE-2014-8617 1 Fortinet 1 Fortimail 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/releasecontrol.
CVE-2016-4969 1 Fortinet 1 Fortiwan 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statistics/getconn.php.
CVE-2016-4968 1 Fortinet 1 Fortiwan 2025-04-12 N/A
The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request.
CVE-2015-8038 1 Fortinet 1 Fortimanager Firmware 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog.
CVE-2016-5092 1 Fortinet 1 Fortiweb 2025-04-12 N/A
Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn feature.
CVE-2015-8037 1 Fortinet 1 Fortimanager Firmware 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SOMVpnSSLPortalDialog or (2) FGDMngUpdHistory.
CVE-2016-4966 1 Fortinet 1 Fortiwan 2025-04-12 N/A
The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter.
CVE-2015-3626 1 Fortinet 1 Fortios 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname.
CVE-2016-1909 1 Fortinet 1 Fortios 2025-04-12 N/A
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session.
CVE-2014-1955 1 Fortinet 1 Fortiweb 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6990 1 Fortinet 1 Fortiauthenticator 2025-04-12 N/A
FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface.
CVE-2015-3620 1 Fortinet 2 Fortianalyzer Firmware, Fortimanager Firmware 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.