Vulnerabilities > Fortinet
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-03-21 | CVE-2012-1423 | Permissions, Privileges, and Access Controls vulnerability in multiple products The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, K7 AntiVirus 9.77.3565, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MZ character sequence. | 4.3 |
2012-03-21 | CVE-2012-1420 | Permissions, Privileges, and Access Controls vulnerability in multiple products The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. | 4.3 |
2009-09-04 | CVE-2008-7161 | Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortigate-1000 3.00 Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote attackers to bypass URL filtering via fragmented GET or POST requests that use HTTP/1.0 without the Host header. | 7.5 |
2009-04-07 | CVE-2009-1262 | USE of Externally-Controlled Format String vulnerability in Fortinet Forticlient 3.0.614 Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name. | 7.2 |
2008-12-12 | CVE-2008-5531 | Improper Input Validation vulnerability in Fortinet Fortiguard Antivirus 3.113.0.0 Fortinet Antivirus 3.113.0.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-02-14 | CVE-2008-0779 | Permissions, Privileges, and Access Controls vulnerability in Fortinet Forticlient Host Security The fortimon.sys device driver in Fortinet FortiClient Host Security 3.0 MR5 Patch 3 and earlier does not properly initialize its DeviceExtension, which allows local users to access kernel memory and execute arbitrary code via a crafted request. | 7.2 |
2006-06-24 | CVE-2006-3222 | Unspecified vulnerability in Fortinet Fortios The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode. | 5.0 |
2006-04-21 | CVE-2006-1966 | Denial-Of-Service vulnerability in Fortinet28 An unspecified Fortinet product, possibly Fortinet28, allows remote attackers to cause a denial of service via a "small synflood" to the SMTP port (TCP port 25), as demonstrated by a 10-microsecond wait between sending packets. | 5.0 |
2005-12-31 | CVE-2005-3058 | Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortigate and Fortios Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616. | 7.5 |
2005-12-31 | CVE-2005-3057 | Unspecified vulnerability in Fortinet Fortigate and Fortios The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP. | 10.0 |