Page 141 of 797 results (0.006 seconds)

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php. Fortinet FortiWan (anteriormente AscernLink) en versiones anteriores a 4.2.5 permite a usuarios remotos autenticados con acceso a la funcionalidad nslookup ejecutar comandos arbitrarios con privilegios root a través del parámetro graph a diagnosis_control.php • http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4.2.5-release-notes.pdf http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities http://www.securityfocus.com/bid/92779 https://www.kb.cert.org/vuls/id/724487 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter. La página diagnosis_control.php en Fortinet FortiWan (anteriormente AscernLink) en versiones anteriores a 4.2.5 permite a usuarios remotos autenticados descargar archivos PCAP a través de vectores relacionados con el parámetro UserName GET. • http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4.2.5-release-notes.pdf http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities http://www.securityfocus.com/bid/92781 https://www.kb.cert.org/vuls/id/724487 • CWE-287: Improper Authentication •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statistics/getconn.php. Múltiples vulnerabilidades de XSS en Fortinet FortiWan (anteriormente AscernLink) en versiones anteriores a 4.2.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro IP a script/statistics/getconn.php. • http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4.2.5-release-notes.pdf http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities http://www.securityfocus.com/bid/92779 https://www.kb.cert.org/vuls/id/724487 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2) PCAP files via script/system/tcpdump.php. Fortinet FortiWan (anteriormente AscernLink) en versiones anteriores a 4.2.5 permite a usuarios remotos autenticados obtener información sensible de (1) un backup de la configuración del dispositivo a través de script/cfg_show.php o (2) archivos PCAP a través de script/system/tcpdump.php. • http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4.2.5-release-notes.pdf http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities http://www.securityfocus.com/bid/92779 https://www.kb.cert.org/vuls/id/724487 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request. La página linkreport/tmp/admin_global en Fortinet FortiWan (anteriormente AscernLink) en versiones anteriores a 4.2.5 permite a usuarios remotos autenticados descubrir cookies de administrador a través de una petición GET. • http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4.2.5-release-notes.pdf http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities http://www.securityfocus.com/bid/92779 https://www.kb.cert.org/vuls/id/724487 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •