IPFire Firewall 安全漏洞

IPFire Firewall is an open source Linux-based firewall system from the IPFire organization. IPFire Firewall suffers from a remote code execution vulnerability, and no detailed vulnerability details are provided at this time...

IPFire Remote Code Execution (CVE-2021-33393)

A remote code execution vulnerability exists in IPFire. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

IPFire 2.25 Remote Code Execution

Exploit Title: IPFire 2.25 - Remote Code Execution Authenticated Date: 15/05/2021 Exploit Author: Mücahit Saratar Vendor Homepage: https://www.ipfire.org/ Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.25-core156/ipfire-2.25.x8664-full-core156.iso Version: 2.25 - core update 15...

IPFire 2.25 - Remote Code Execution (Authenticated) Exploit

Exploit Title: IPFire 2.25 - Remote Code Execution Authenticated Exploit Author: Mücahit Saratar Vendor Homepage: https://www.ipfire.org/ Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.25-core156/ipfire-2.25.x8664-full-core156.iso Version: 2.25 - core update 156 Tested on: parr...

IPFire 2.25 - Remote Code Execution (Authenticated)

Exploit Title: IPFire 2.25 - Remote Code Execution Authenticated Date: 15/05/2021 Exploit Author: Mücahit Saratar Vendor Homepage: https://www.ipfire.org/ Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.25-core156/ipfire-2.25.x8664-full-core156.iso Version: 2.25 - core update 15...

Security update for tor (moderate)

openSUSE Security Update: Security update for tor Announcement ID: openSUSE-SU-2021:0474-1 Rating: moderate References: 1183726 Cross-References: CVE-2021-28089 CVE-2021-28090 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes two vulnerabilities is now available. Description:...

IPFire Firewall Web Interface Command Injection (CVE-2018-16232)

A command injection vulnerability exists in the web interface of IPFire firewall. The vulnerability is due to improper validation of user-supplied requests in the backup.cgi script. Successful exploitation could lead to arbitrary command injection as the nobody user...

IPFire 2.21 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: IPFire 2.21 - Core Update 127 | Cross-Site Scripting Exploit Author: Ozer Goker Vendor Homepage: https://www.ipfire.org Software Link:...

IPFire 2.21 - Cross-Site Scripting

IPFire 2.21 - Cross-Site Scripting Exploit Title: IPFire 2.21 - Core Update 127 | Cross-Site Scripting Date: 08.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.ipfire.org Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.21-core127/ipfire-2.21.x8664-full-core127.is...

IPFire 2.21 - Cross-Site Scripting

Exploit Title: IPFire 2.21 - Core Update 127 | Cross-Site Scripting Date: 08.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.ipfire.org Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.21-core127/ipfire-2.21.x8664-full-core127.iso Version: IPFire 2.21 - Core Updat...

IPFire 2.21 Cross Site Scripting

Exploit Title: IPFire 2.21 - Core Update 127 | Cross-Site Scripting Date: 08.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.ipfire.org Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.21-core127/ipfire-2.21.x8664-full-core127.iso Version: IPFire 2.21 - Core Updat...

IPFire Firewall Command Injection Vulnerability

IPFire Firewall is an open source Linux-based firewall system . A command injection vulnerability exists in the backup.cgi file in versions prior to IPFire Firewall 2.21 Core Update 124, which can be exploited by an attacker to execute arbitrary commands...

CVE-2018-16232

An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands...

CVE-2018-16232

An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands...

Command injection

An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands...

CVE-2018-16232

An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands...

CVE-2018-16232

IPFire Firewall (before 2.21 Core Update 124) is affected by an authenticated command injection in backup.cgi. An authenticated user with page privileges can execute arbitrary commands on the system. The vulnerability is triggered via the web interface, and exploitation would run with the affecte...

CVE-2025-34116

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ipfireproxyexec.rb 2025-10-23 21:13:04+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

IPFire 'OINKCODE' Parameter Remote Command Injection Vulnerability

IPFire is prone to a remote command injection vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Metasploit Wrapup

With Hacker Summer Camp 2017 wrapped up and folks now recovering from it, why not grab a drink and read up on what's new with Metasploit? Where there's smoke... At least a few versions of open source firewall IPFire contain a post-auth RCE vulnerability, and we well, you! now have a module to hel...