CVE-2006-3222
https://notcve.org/view.php?id=CVE-2006-3222
The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode. El módulo proxy FTP Fortinet FortiOS (FortiGate) anterior v2.80 MR12 y v3.0 MR2 permite a atacantes remotos superar el escaneo del anti-virus a través del modo Enhanced Passive (EPSV) FTP. • http://attrition.org/pipermail/vim/2006-July/000921.html http://secunia.com/advisories/20720 http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html http://www.osvdb.org/26736 http://www.securityfocus.com/bid/18570 http://www.vupen.com/english/advisories/2006/2467 https://exchange.xforce.ibmcloud.com/vulnerabilities/27532 •
CVE-2005-3057
https://notcve.org/view.php?id=CVE-2005-3057
The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042139.html http://marc.info/?l=bugtraq&m=113986337408103&w=2 http://secunia.com/advisories/18844 http://www.securityfocus.com/bid/16597 http://www.vupen.com/english/advisories/2006/0539 https://exchange.xforce.ibmcloud.com/vulnerabilities/24624 •
CVE-2005-3058 – Fortinet Fortigate 2.x/3.0 - URL Filtering Bypass
https://notcve.org/view.php?id=CVE-2005-3058
Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616. • https://www.exploit-db.com/exploits/27203 http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042140.html http://secunia.com/advisories/18844 http://www.fortiguard.com/advisory/FGA-2006-10.html http://www.securityfocus.com/archive/1/424858/100/0/threaded http://www.securityfocus.com/bid/16599 http://www.vupen.com/english/advisories/2006/0539 https://exchange.xforce.ibmcloud.com/vulnerabilities/24626 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2005-4570
https://notcve.org/view.php?id=CVE-2005-4570
The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the vendor advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. • http://secunia.com/advisories/18446 http://www.fortinet.com/FortiGuardCenter/VU226364.html http://www.securityfocus.com/bid/15997 http://www.vupen.com/english/advisories/2006/0182 •