CVSS: 4.0EPSS: 0%CPEs: 14EXPL: 0CVE-2015-3293
https://notcve.org/view.php?id=CVE-2015-3293
FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command. FortiMail 5.0.3 hasta 5.2.3 permite a administradores remotos obtener credenciales a través del comando 'diag debug application httpd'. • http://www.fortiguard.com/advisory/FG-IR-15-009 http://www.securitytracker.com/id/1032185 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 1CVE-2014-8617
https://notcve.org/view.php?id=CVE-2014-8617
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/releasecontrol. Vulnerabilidad de XSS en la característica Web Action Quarantine Release en la interfaz gráfica del usuario Web en Fortinet FortiMail anterior a 4.3.9, 5.0.x anterior a 5.0.8, 5.1.x anterior a 5.1.5, y 5.2.x anterior a 5.2.3 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML arbitrarios a través del parámetro release en module/releasecontrol. • http://seclists.org/fulldisclosure/2015/Mar/5 http://www.fortiguard.com/advisory/FG-IR-15-005 http://www.securitytracker.com/id/1031859 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •