|
247041
|
6.1 |
MEDIUM
Network
|
fortinet
|
fortios
fortiproxy
|
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal a…
|
CWE-79
Cross-site Scripting
|
CVE-2018-13380
|
2024-11-21 12:46 |
2019-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247042
|
9.8 |
CRITICAL
Network
|
fortinet
|
fortiproxy
fortios
|
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to…
|
CWE-22
Path Traversal
|
CVE-2018-13379
|
2024-11-21 12:46 |
2019-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247043
|
7.8 |
HIGH
Local
|
fortinet
|
forticlient
|
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection.
|
NVD-CWE-noinfo
|
CVE-2018-13368
|
2024-11-21 12:46 |
2019-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247044
|
5.3 |
MEDIUM
Network
|
fortinet
|
fortios
|
An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page.
|
CWE-200
Information Exposure
|
CVE-2018-13365
|
2024-11-21 12:46 |
2019-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247045
|
6.5 |
MEDIUM
Network
|
fortinet
|
fortiproxy
fortios
|
A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may ca…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-13383
|
2024-11-21 12:46 |
2019-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247046
|
6.1 |
MEDIUM
Network
|
fortinet
|
fortianalyzer
fortimanager
|
An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts …
|
CWE-79
Cross-site Scripting
|
CVE-2018-13375
|
2024-11-21 12:46 |
2019-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247047
|
8.1 |
HIGH
Network
|
gnu
|
gcc
|
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeti…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2018-12886
|
2024-11-21 12:46 |
2019-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247048
|
7.2 |
HIGH
Network
|
fortinet
|
fortisiem
|
An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code.
|
CWE-200
Information Exposure
|
CVE-2018-13378
|
2024-11-21 12:46 |
2019-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247049
|
4.8 |
MEDIUM
Network
|
pixelite
|
events_manager
|
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI.
|
CWE-79
Cross-site Scripting
|
CVE-2018-13137
|
2024-11-21 12:46 |
2019-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247050
|
5.3 |
MEDIUM
Network
|
fortinet
|
fortios
|
An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows attacker to reveals serial number of FortiGate via hostname field defined in connection control setup packets…
|
CWE-200
Information Exposure
|
CVE-2018-13366
|
2024-11-21 12:46 |
2019-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
