fortinet fortiweb vulnerabilities and exploits
NA
CVE-2023-22636
An unauthorized configuration download vulnerability in FortiWeb 6.3.6 up to and including 6.3.21, 6.4.0 up to and including 6.4.2 and 7.0.0 up to and including 7.0.4 may allow a local malicious user to access confidential configuration files via a crafted http request.
Fortinet Fortiweb
NA
CVE-2023-34984
A protection mechanism failure in Fortinet FortiWeb 7.2.0 up to and including 7.2.1, 7.0.0 up to and including 7.0.6, 6.4.0 up to and including 6.4.3, 6.3.6 up to and including 6.3.23 allows a malicious user to execute unauthorized code or commands via specially crafted HTTP reques...
Fortinet Fortiweb
445
VMScore
CVE-2014-1956
CRLF injection vulnerability in FortiGuard FortiWeb prior to 5.0.3 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Fortinet Fortiweb
578
VMScore
CVE-2014-1957
FortiGuard FortiWeb prior to 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.
Fortinet Fortiweb
NA
CVE-2021-42761
A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 up to and including 6.3.16, 6.2.0 up to and including 6.2.6, 6.1.0 up to and including 6.1.2, 6.0.0 up to and including 6.0.7, 5.9.0 up to and including...
Fortinet Fortiweb
356
VMScore
CVE-2016-5092
Directory traversal vulnerability in Fortinet FortiWeb prior to 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn feature.
Fortinet Fortiweb
383
VMScore
CVE-2013-7181
Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote malicious users to inject arbitrary web script or HTML via the filter parameter.
Fortinet Fortiweb 5.0.3
890
VMScore
CVE-2017-14189
An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone who can access the admin webUI to successfully log in regardless of the provided password.
Fortinet Fortiweb Manager 5.8.0
668
VMScore
CVE-2020-29015
A blind SQL injection in the user interface of FortiWeb 6.3.0 up to and including 6.3.7 and versions prior to 6.2.4 may allow an unauthenticated, remote malicious user to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing ...
Fortinet Fortiweb
445
VMScore
CVE-2020-29019
A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 up to and including 6.3.7 and versions prior to 6.2.4 may allow a remote, unauthenticated malicious user to crash the httpd daemon thread by sending a request with a crafted cookie header.
Fortinet Fortiweb