Page 12 of 59 results (0.004 seconds)

CVSS: 5.0EPSS: 4%CPEs: 9EXPL: 0

The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode. El módulo proxy FTP Fortinet FortiOS (FortiGate) anterior v2.80 MR12 y v3.0 MR2 permite a atacantes remotos superar el escaneo del anti-virus a través del modo Enhanced Passive (EPSV) FTP. • http://attrition.org/pipermail/vim/2006-July/000921.html http://secunia.com/advisories/20720 http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-15.html http://www.osvdb.org/26736 http://www.securityfocus.com/bid/18570 http://www.vupen.com/english/advisories/2006/2467 https://exchange.xforce.ibmcloud.com/vulnerabilities/27532 •

CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0

The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042139.html http://marc.info/?l=bugtraq&m=113986337408103&w=2 http://secunia.com/advisories/18844 http://www.securityfocus.com/bid/16597 http://www.vupen.com/english/advisories/2006/0539 https://exchange.xforce.ibmcloud.com/vulnerabilities/24624 •

CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 1

Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616. • https://www.exploit-db.com/exploits/27203 http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042140.html http://secunia.com/advisories/18844 http://www.fortiguard.com/advisory/FGA-2006-10.html http://www.securityfocus.com/archive/1/424858/100/0/threaded http://www.securityfocus.com/bid/16599 http://www.vupen.com/english/advisories/2006/0539 https://exchange.xforce.ibmcloud.com/vulnerabilities/24626 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.8EPSS: 1%CPEs: 6EXPL: 0

The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the vendor advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. • http://secunia.com/advisories/18446 http://www.fortinet.com/FortiGuardCenter/VU226364.html http://www.securityfocus.com/bid/15997 http://www.vupen.com/english/advisories/2006/0182 •