Page 2 of 13 results (0.001 seconds)

CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 0

13 Dec 2023 — An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field. Una neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando ('Inyección de comando') [CWE-77] en FortiPortal versión 7.2.0, versi... • https://fortiguard.com/psirt/FG-IR-23-425 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0

16 Feb 2023 — An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page. An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page. • https://fortiguard.com/psirt/FG-IR-22-430 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 6.7EPSS: 0%CPEs: 30EXPL: 0

08 Dec 2021 — A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. Un desbordamiento de búfer [CWE-121] en la biblioteca del cliente TFTP de FortiOS versiones anteriores a 6.4.7 y FortiOS versiones 7.0.0 hasta 7.0.2, puede permitir a un atacante local autenticado lograr una ejecución de código arbitrario por medio de argumentos de línea de c... • https://fortiguard.com/advisory/FG-IR-21-173 • CWE-787: Out-of-bounds Write •