📦 FortiMail
by Fortinet
⚠️ Known Vulnerabilities
This vulnerability allows remote unauthenticated attackers to bypass administrator authentication on FortiMail email security appliances. Attackers can gain administrative access by sending specially ...
This vulnerability allows remote attackers to efficiently guess administrative authentication tokens in FortiMail systems by observing certain system properties. It affects FortiMail versions before 7...
This CVE describes SQL injection vulnerabilities in FortiMail email security appliances that allow unauthenticated attackers to execute arbitrary SQL commands via crafted HTTP requests. Attackers coul...
This vulnerability allows unauthenticated attackers to infer parts of user authentication tokens due to a weak random number generator in FortiMail's Identity Based Encryption service. Attackers could...
This CSRF vulnerability allows remote unauthenticated attackers to trick authenticated administrators into executing malicious CLI commands via crafted GET requests. Affected systems include multiple ...
This CVE describes an incorrect authorization vulnerability in FortiMail webmail that allows authenticated attackers to log into other users' accounts within the same web domain via crafted HTTP/HTTPS...
An unauthenticated attacker can send specially crafted HTTP requests to FortiMail's web server CGI facilities to manipulate the script interpreter's environment. This improper input validation vulnera...
This vulnerability allows remote attackers who have obtained a session cookie to decrypt, modify, or forge its contents, potentially leading to privilege escalation. It affects FortiMail email securit...
This path traversal vulnerability in FortiMail webmail allows authenticated users to access unauthorized files and data through specially crafted web requests. It affects FortiMail systems before vers...
This buffer overflow vulnerability in FortiMail allows authenticated webmail users to execute arbitrary code via crafted HTTP requests. It affects FortiMail versions before 6.4.5, potentially enabling...
This CRLF injection vulnerability in Fortinet FortiMail allows attackers to inject HTTP headers into server responses by tricking users into clicking malicious links. Affected systems include FortiMai...
This vulnerability allows authenticated attackers with regular webmail access to trigger a buffer overflow via crafted HTTP requests, potentially leading to arbitrary code execution. It affects Fortin...
This vulnerability allows remote unauthenticated attackers to obtain sensitive software version information from multiple Fortinet products by reading a JavaScript file. This affects FortiDDoS, FortiD...
A stack-buffer overflow vulnerability in Fortinet FortiMail CLI allows privileged attackers to execute arbitrary code or commands via crafted CLI commands. This affects FortiMail versions 7.6.0 throug...
This vulnerability allows attackers to poison web caches by sending crafted HTTP requests with malicious Host headers to Fortinet devices. Attackers can redirect users to arbitrary malicious servers, ...
This CVE describes an OS command injection vulnerability in Fortinet FortiMail and FortiRecorder products. Attackers with CLI access can execute arbitrary commands on affected systems, potentially lea...