CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-25602
https://notcve.org/view.php?id=CVE-2023-25602
A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions 6.0.7 and earlier, FortiWeb versions 5.9.1 and earlier, FortiWeb 5.8 all versions, FortiWeb 5.7 all versions, FortiWeb 5.6 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments. • https://fortiguard.com/psirt/FG-IR-21-234 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 1CVE-2021-42756
https://notcve.org/view.php?id=CVE-2021-42756
Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests. • https://github.com/3ndorph1n/CVE-2021-42756 https://fortiguard.com/psirt/FG-IR-21-186 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-42761
https://notcve.org/view.php?id=CVE-2021-42761
A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session. • https://fortiguard.com/psirt/FG-IR-21-214 • CWE-384: Session Fixation •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-36193
https://notcve.org/view.php?id=CVE-2021-36193
Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands. Múltiples desbordamientos de búfer en la región stack de la memoria en el intérprete de línea de comandos de FortiWeb versiones anteriores a 6.4.2, pueden permitir a un atacante autenticado lograr una ejecución de código arbitrario por medio de comandos especialmente diseñados • https://fortiguard.com/advisory/FG-IR-21-132 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-43073
https://notcve.org/view.php?id=CVE-2021-43073
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. Una neutralización inapropiada de los elementos especiales usados en un comando os ("os command injection") en Fortinet FortiWeb versiones 6.4.1 y 6.4.0, versiones 6.3.15 y anteriores, versiones 6.2.6 y anteriores, permite a un atacante ejecutar código o comandos no autorizados por medio de peticiones HTTP diseñadas • https://fortiguard.com/advisory/FG-IR-21-180 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •