49 matches found
IPFire < 2.19 Core Update 101 - Remote Command Execution
Exploit Title: IPFire 2.19 Update Core 101 XSS to CSRF to Remote Command Execution; Date: 04/05/2016; Author: Yann CAM @ Synetis - ASafety; Vendor or Software Link: www.ipfire.org; Version: lesser-than 2.19 Core Update 101; Category: Remote Command Execution / XSS; Google dork: ; Tested on: IPFire...
IPCop Cross-Site Scripting Vulnerability
IPCop is a Linux-based firewall suite developed by the IPCop team, mainly for home and SOHO users. It provides firewall functions and allows monitoring and management of various information through TCP/IP business rules. A cross-site scripting vulnerability exists in versions prior to...
IPCop Firewall cgi-bin/iptablesgui.cgi Arbitrary Code Execution Vulnerability
IPCop Firewall is a firewall suite for the Linux environment, mainly for home and SOHO (Small Office/Home Office) users. An arbitrary code execution vulnerability exists in cgi-bin/iptablesgui.cgi in IPCop Firewall, which allows remote authenticated users to execute arbitrary code via the TABLE...
Cross site scripting
cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting (XSS) vulnerability...
CVE-2013-7418
cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting (XSS) vulnerability...
CVE-2013-7418
CVE-2013-7418 affects IPCop Firewall (cgi-bin/iptablesgui.cgi) prior to version 2.1.5. The vulnerability allows remote authenticated users to execute arbitrary code by injecting shell metacharacters into the TABLE parameter. Note that exploitation can be facilitated remotely by chaining a separat...
Cross site scripting
Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. NOTE: this can be used to bypass the cross-site request forgery (CSRF) protection mechanism by setting the Refere...
CVE-2013-7417
Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. NOTE: this can be used to bypass the cross-site request forgery (CSRF) protection mechanism by setting the Refere...
CVE-2013-7417
Affected software: IPCop Firewall (IPCop). Vulnerable component: web interface script at cgi-bin/ipinfo.cgi. Root cause: Cross-site scripting (XSS) via QUERY_STRING, with note that CSRF protection can be bypassed by Referer. Impact: remote attacker can inject arbitrary web scripts/HTML in users’ ...
IPCop 2.1.4 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: IPCop = 2.1.4 XSS to CSRF to Remote Command Execution; Date: 21/12/2014; Author: Yann CAM @ Synetis - ASafety; Vendor or Software Link: www.ipcop.org - www.ipcop.org/download.php; Version: 2.1.4; Category: Remote Command Execution; Google dork: ; Tested on: IPCop distribution IPCop...
IPFire - CGI Web Interface (Authenticated) Bash Environment Variable Code Injection
IPFire - CGI Web Interface (Authenticated) Bash Environment Variable Code Injection. #!/usr/bin/env python; Exploit Title: IPFire = 2.15 core 82 Authenticated cgi Remote Command Injection (ShellShock); Exploit Author: Claudio Viviani; Vendor Homepage: http://www.ipfire.org; Software Link:...
IPCop 1.4.1 Web Administration Interface Proxy Log HTML Injection Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/11779/info. IPCop is reported susceptible to an HTML injection vulnerability in its proxy log viewer. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in...
CVE-2005-4660
Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow local users to overwrite system configuration files and gain privileges by replacing a backup archive during the time window when the archive is owned by "nobody" but not yet encrypted, then executing ipcoprscfg to restore from...
CVE-2005-4659
IPCop (aka IPCop Firewall) before 1.4.10 has world-readable permissions for the backup.key file, which might allow local users to overwrite system configuration files and gain privileges by creating a malicious encrypted backup archive owned by "nobody", then executing ipcoprscfg to restore from th...
CVE-2005-4659
CVE-2005-4659 affects IPCop (IPCop Firewall) prior to 1.4.10. The backup.key file has world-readable permissions, potentially allowing local users to overwrite system configuration files by creating a malicious encrypted backup archive owned by "nobody" and then running ipcoprscfg to restore from t...
CVE-2005-4660
CVE-2005-4660 concerns IPCop Firewall prior to 1.4.10, where a race condition may allow a local attacker to overwrite system configuration files. The underlying flaw involves replacing a backup archive during the window when it is owned by "nobody" but not yet encrypted, and then executing ipco...