CVE-2019-6699
https://notcve.org/view.php?id=CVE-2019-6699
An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface. Una vulnerabilidad de neutralización de entrada inapropiada en Fortinet FortiADC versiones anteriores a 5.3.3, puede permitir a un atacante ejecutar un ataque de tipo Cross Site Scripting (XSS) almacenado por medio de un campo en la interfaz de traffic group. • https://fortiguard.com/advisory/FG-IR-19-220 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-13374 – Fortinet FortiOS and FortiADC Improper Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2018-13374
A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one. Un control de acceso inadecuado en Fortinet FortiOS 6.0.2, 5.6.7 y anteriores, FortiADC 6.1.0, 6.0.0 a 6.0.1, 5.4.0 a 5.4.4 permite a un atacante obtener las credenciales de inicio de sesión del servidor LDAP configurado en FortiGate a través de una solicitud de prueba de conectividad del servidor LDAP a un servidor LDAP falso en lugar del configurado FortiGate FortiOS versions prior to 6.0.3 suffer from an LDAP credential disclosure vulnerability. Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity test request to a rogue LDAP server. • https://www.exploit-db.com/exploits/46171 https://fortiguard.com/advisory/FG-IR-18-157 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2014-8618
https://notcve.org/view.php?id=CVE-2014-8618
Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la página de acceso del tema en modelos Fortinet FortiADC D en versiones anteriores a 4.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.fortiguard.com/advisory/FG-IR-15-005 http://www.securitytracker.com/id/1032265 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-8582
https://notcve.org/view.php?id=CVE-2014-8582
FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors. FortiNet FortiADC-E con firmware 3.1.1 anterior a 4.0.5 y Coyote Point Equalizer con firmware 10.2.0a permite a atacantes remotos obtener el acceso a subredes arbitrarios a través de vectores no especificados. • http://docs.fortinet.com/uploaded/files/2164/FortiADC-E-4.0.5-GA-Release-Notes.pdf http://secunia.com/advisories/61866 http://www.fortiguard.com/advisory/FG-IR-14-032 https://exchange.xforce.ibmcloud.com/vulnerabilities/98384 •
CVE-2014-0331
https://notcve.org/view.php?id=CVE-2014-0331
Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/. Vulnerabilidad de XSS en la interfaz de administración de web en FortiADC con firmware anterior a 3.2.1 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través del parámetro locale hacia gui_partA/. • http://seclists.org/fulldisclosure/2014/Apr/53 http://www.fortiguard.com/advisory/FG-IR-14-004 http://www.kb.cert.org/vuls/id/667340 http://www.securityfocus.com/bid/66642 http://www.securitytracker.com/id/1030018 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •