Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortiweb vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2020-29018
A format string vulnerability in FortiWeb 6.3.0 up to and including 6.3.5 may allow an authenticated, remote malicious user to read the content of memory and retrieve sensitive data via the redir parameter.
Fortinet Fortiweb
578
VMScore
CVE-2014-1957
FortiGuard FortiWeb prior to 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.
Fortinet Fortiweb
516
VMScore
CVE-2021-43064
A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows malicious user to use the device as a proxy and reach external or protected hosts via redirection handlers.
Fortinet Fortiweb
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
445
VMScore
CVE-2021-41013
An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log & Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs.
Fortinet Fortiweb
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
445
VMScore
CVE-2021-41014
A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated malicious user to make the httpsd daemon unresponsive via huge HTTP packets
Fortinet Fortiweb
Fortinet Fortiweb 6.1.0
Fortinet Fortiweb 6.1.1
Fortinet Fortiweb 6.1.2
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
445
VMScore
CVE-2021-36187
A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows malicious user to cause a denial of service for webserver daemon via crafted HTTP requests
Fortinet Fortiweb
Fortinet Fortiweb 6.4.0
445
VMScore
CVE-2020-29019
A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 up to and including 6.3.7 and version prior to 6.2.4 may allow a remote, unauthenticated malicious user to crash the httpd daemon thread by sending a request with a crafted cookie header.
Fortinet Fortiweb
445
VMScore
CVE-2014-1956
CRLF injection vulnerability in FortiGuard FortiWeb prior to 5.0.3 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Fortinet Fortiweb
436
VMScore
CVE-2021-36191
A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows malicious user to use the device as proxy via crafted GET parameters in requests to error handlers
Fortinet Fortiweb
Fortinet Fortiweb 6.1.0
Fortinet Fortiweb 6.1.1
Fortinet Fortiweb 6.1.2
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
409
VMScore
CVE-2021-41027
A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, allows an authenticated malicious user to execute unauthorized code or commands via crafted certificates loaded into the device.
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »