CVE-2015-1459
https://notcve.org/view.php?id=CVE-2015-1459
Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/.
• http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html
• http://secunia.com/advisories/62836
• http://www.fortiguard.com/advisory/FG-IR-15-003
• http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf
• http://www.securityfocus.com/bid/72378
• https://exchange.xforce.ibmcloud.com/vulnerabilities/100561
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-1455
https://notcve.org/view.php?id=CVE-2015-1455
Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors.
• http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html
• http://www.fortiguard.com/advisory/FG-IR-15-003
• http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf
• http://www.securityfocus.com/bid/72378
• CWE-255: Credentials Management Errors
CVE-2015-1457
https://notcve.org/view.php?id=CVE-2015-1457
Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command.
• http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html
• http://www.fortiguard.com/advisory/FG-IR-15-003
• http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf
• http://www.securityfocus.com/bid/72378
• https://exchange.xforce.ibmcloud.com/vulnerabilities/100560
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-6990
https://notcve.org/view.php?id=CVE-2013-6990
FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface.
• http://www.fortiguard.com/advisory/FG-IR-13-016
• https://exchange.xforce.ibmcloud.com/vulnerabilities/96200
• CWE-264: Permissions, Privileges, and Access Controls